Support Center

Generating TOTP Tokens and Token validation

Generating TOTP Tokens

JumpCloud multifactor authentication supports TOTP based tokens.  Users may find their TOTP key (and corresponding QR code) in the JumpCloud User portal. Any application that can generate a six digit SHA-1 based token should be able to be used with JumpCloud's MFA. Several applications that we've qualified to work with JumpCloud are:
Token Validation

Token validation is required for:
  • Mac desktop login
  • Linux SSH login
In order for these MFA enabled resources to enforce MFA login, the TOTP key must be validated in the JumpCloud user portal. In order to verify the key, users must enter two valid tokens. This rule works on a user by user basis. E.g., if MFA is enabled for a given Linux server, and User A has validated their key, they will be prompted for a token. If User B has not validated their key, they will not be prompted.



Once two valid tokens are entered, the indicator next to the MFA header will change to green. The user will now be required to enter a token on any resource endpoint where MFA has been enabled.  



In case of Device Loss or Failures

Because the device containing the TOTP key may be a single point of failure, in case of loss or breakage, it's recommended to record and store the TOTP value in a safe place as a backup. Most apps that generate TOTP tokens allow the TOTP key to be entered manually, which means it can be typed in rather than scanning the QR code in order to restore the ability to generate tokens on a new device or app.  
 

Last Updated: Oct 12, 2017 12:48PM MDT

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete