Two-factor OATH authentication with Google Authenticator

Google Authenticator allows for adding a dynamic component to a static password for increased account security.


  1. Select Management > Users.
  2. Find and click the user for whom you want to add the OATH authentication method.
  3. Click Add authentication method.
  4. From the Type drop-down list, select OATH.
../../_images/authentication_method_type.png
  1. Enter password’s static part.
../../_images/authentication_method_static.png
  1. From the Token type drop-down list, select HOTP (counter-based).
../../_images/authentication_method_token_type.png
  1. Enter a secret that will be used by Google Authenticator or click . to generate it automatically.
../../_images/authentication_method_secret.png

Note

The secret must be a Base32 encoded value.

  1. In the Length field, enter 6.
../../_images/authentication_method_length.png
  1. Click Save.
  2. Launch Google Authenticator and add new service.
Manual entry QR Code
  • Select Enter a provided key.
../../_images/google_authenticator_add_account.png
  • Enter account name.
../../_images/google_authenticator_account_name.png
  • Enter the secret defined in OATH authentication method.

Note

Click . on the user edit form in the Authentication section to reveal the secret.

../../_images/google_authenticator_account_secret.png
  • Select Counter based.
../../_images/google_authenticator_account_type.png
  • Select ADD.
../../_images/google_authenticator_account_add.png
  • Click . on the user configuration form, next to the Secret field in the Authentication section.
  • Select Scan a barcode in Google Authenticator.
../../_images/google_authenticator_add_account_scan_qr.png
  1. When logging in, the password string consists of a static password defined in the authentication method and dynamic part generated by the Google Authenticator, e.g. password481418.
../../_images/google_authenticator_token.png

Related topics: