​

One-Time-Password handling

Octomind supports logins that require a 2nd-Factor using a, a so-called one-time-password (OTP). See an example of an app implementing an OTP login.

We support both time-based one-time-passwords (TOTP - RFC 6328) as well as HMAC-based (HOTP - RFC 4226). Octomind can login using a second factor if you provide us with an initialization key.

You can get it during the enrollment of the account in question into 2-factor. Most of the time the initialization key can be seen on the same page that the QR-code for scanning it into your authenticator app is visible. See this example, the exact UI depends on your authentication provider.

The initialization key that will be shown is a long string consisting of alphanumeric characters, the exact length depends on which algorithm the authentication provider chose to implement.

Once you have copied the initialization key and have enrolled and copied the otp initialization key you will need to enter it into the test account settings of octomind, find them by clicking the settings gear icon and then navigating to the “environments” section. Then enter the initialization key that you copied from your enrollment process and save.

Now both in prompts and test case steps you will be able to use the template

$OCTO_TOTP

. Find out more about variable usage in our variables documentation.