TOTP
SecureAuth Connect TOTP authentication lets users sign in with time-based one-time passwords generated by a mobile authenticator app such as Google Authenticator or Microsoft Authenticator. The app generates a new code every 30 seconds, and the user enters the current code on the sign-in screen to verify their identity.
Use cases
TOTP fits when you need a strong factor that works without network connectivity on the user's device.
- B2B and workforce: Employees and partners install an authenticator app once and use it across services. IT teams avoid per-user SMS costs.
- High-security B2C: TOTP is stronger than SMS OTP because codes are generated on the device and never travel over a carrier network. There is no SIM-swap risk.
- Offline environments: The authenticator app generates codes locally using a shared secret and the current time. No cellular signal, internet connection, or push notification delivery is required.
- Second factor for sensitive actions: Pair TOTP with password-based sign-in to add a second factor for scope granting, admin login, or other high-assurance flows.
TOTP is not the best fit when users cannot install an app on their device, or when the enrollment step (scanning a QR code) creates too much friction for low-risk consumer flows.
How TOTP works
During enrollment, SecureAuth Connect generates a shared secret and displays it as a QR code. The user scans the QR code with their authenticator app, which stores the secret. This is a one-time setup. On subsequent sign-ins, the authenticator app automatically displays a fresh code for the user to enter.
The app uses the stored secret and the current time to generate a new six-digit code every 30 seconds. At sign-in, the user opens their authenticator app, reads the current code, and enters it on the verification screen. SecureAuth Connect generates the expected code on its side using the same secret and time window, and compares the two.
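As an added illustration (not SecureAuth Connect's own code), the sketch below implements the code generation and server-side comparison described above, assuming the standard RFC 6238 algorithm with HMAC-SHA1 and the conventional otpauth:// URI as the QR payload; this page states neither. The function names, the `drift_steps` parameter, and the sample account are hypothetical, and the secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote

STEP = 30     # seconds per code (from this page)
DIGITS = 6    # code length (from this page)
DEMO_SECRET = b"12345678901234567890"  # RFC 6238 test key, never a real secret

def totp(secret: bytes, unix_time: float, step_offset: int = 0) -> str:
    """Code for the 30-second step containing unix_time (HMAC-SHA1 assumed)."""
    counter = int(unix_time // STEP) + step_offset
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, submitted: str, unix_time=None, drift_steps: int = 0) -> bool:
    """Server side: recompute the expected code and compare in constant time.
    drift_steps (hypothetical knob) also accepts codes from adjacent steps."""
    now = time.time() if unix_time is None else unix_time
    candidate = submitted.strip().encode()
    ok = False
    for off in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, now, off).encode()
        ok |= hmac.compare_digest(expected, candidate)  # no early exit
    return ok

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that an enrollment QR code conventionally encodes."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}")

if __name__ == "__main__":
    print(provisioning_uri(DEMO_SECRET, "alice@example.com", "Example"))
    print(totp(DEMO_SECRET, 59))                # code for time step 1
    print(verify(DEMO_SECRET, "287082", 59))    # same step as the code
    print(verify(DEMO_SECRET, "287082", 60))    # next step, no drift allowed
```

A production verifier would also record the last accepted time step per user so a code cannot be replayed inside its window, and would rate-limit failed attempts.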
Enable TOTP as an authentication method
- In your workspace, go to Authentication > Settings.
- Select the Methods tab.
- Select the TOTP check box.
- Click Save.
Add TOTP to an identity pool
After enabling TOTP at the workspace level, add it as a first-factor or second-factor method in the identity pool:
- Go to Users > your identity pool > Sign-in and Sign-up.
- Under First-Factor Authentication Methods or Second-Factor Authentication Methods, click + Add method and choose TOTP.
- To set TOTP as the preferred method, click the three-dot menu and select Make Preferred.
- Click Save.