This administration page is only available to the administrator of a client.
Instead of the usual two-factor authentication via email or app, you can also set up authentication for your client's users using OTP tokens (one-time password tokens). This offers even greater security, as it is a physical hardware token that is difficult to access for third parties.
Set up hardware token as login method
To set up such a hardware token as a login method for a user, first click on
Add. Then select the user in the drop-down list for whom the token is to be set up and enter the serial number of the token (the number can usually be found on the back of the token).
Next, enter the token secret associated with the hardware token. The token secret is required by konfipay so that the generation of OTP codes can function.
You will receive this token secret from the manufacturer of the hardware token. Please note that the token manufacturer often only provides the token secret for a limited period of time (e.g. 30 days after ordering). It is essential that you save or store the Token Secret in a safe place within this period. If the Token Secret is lost, the hardware token cannot be set up again. Therefore, keep the Token Secret for as long as the hardware token is to be used.
In the next step, enter the coding and algorithm used by the hardware token. This information can usually be found in the accompanying documentation from the hardware token manufacturer.
Also enter the time interval for which an OTP code is valid. You will also find this information in the documentation accompanying the hardware token - as well as the length of an OTP code, which you enter next.
The expiration date is for information purposes only and represents the lifetime of the hardware token battery expected by the manufacturer. This information can also be found in the accompanying documents. If the expiration date is properly entered, you can quickly see in the future which hardware tokens need to be replaced due to their age.
Check OTP code
Once you have set up a hardware token, you can check if it’s working by selecting the corresponding user/token in the list and clicking on
Check OTP code. You can then enter an OTP code as a test and check whether it is accepted.
If the setup was successful, konfipay will report that the verification of the one-time password (OTP) was successful.
Transfer hardware token to another user
It is possible to pass on a hardware token that has already been set up to another user if, for example, the previous user leaves your company.
To do this, select the token in the list of hardware tokens and click on
Edit. Select the new user from the drop-down list and click on
Deactivate login with hardware token
The two-factor authentication of a user with a hardware token can only be deactivated by the administrator of a client. To do this, you must delete the stored hardware token by selecting the hardware token in the list and clicking on
Delete. The user's two-factor authentication is then reset to the last method used (email or app).