IBM Verify

  • 1.  Support for hardware TOTP devices

    Posted Mon November 07, 2022 05:53 AM
    Are hardware TOTP devices supported out of the box with the ISVA on-prem solution? If so, what is the procedure to register these devices if you cannot scan a QR code or enter the key on the device itself?

    ------------------------------
    Gerwin Bastiaansen
    ------------------------------


  • 2.  RE: Support for hardware TOTP devices
    Best Answer

    Posted Tue November 08, 2022 01:55 AM
    Edited by Gerwin Bastiaansen Tue November 08, 2022 03:10 AM

    If the TOTP seed needs to originate from "outside ISVA" and be populated "into ISVA" for a user account, then you build your own trivial registration experience (either for the user, but more likely for admins) via InfoMap, and leverage the IDMappingExtUtils.storeTotpSecretKey(user, key) API to populate it into the ISVA registry.

    You can even build it in such a way that it can be accessed via apiauthsvc with a JSON payload, and support scripted or bulk registration payloads.



    ------------------------------
    Shane Weeden
    IBM
    ------------------------------
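
Added example, not part of the thread and not IBM's code: the validation core of a bulk registration handler like the one the answer describes, written so the store call is injected and the logic can be exercised outside the appliance. The payload shape (`tokens` array of `username`/`seed`), Base32 seed encoding, the 16-character minimum and all function names are assumptions; inside an InfoMap rule `storeFn` would wrap the `IDMappingExtUtils.storeTotpSecretKey(user, key)` call named above.

```javascript
// Assumed payload: {"tokens":[{"username":"...","seed":"<Base32>"}]}
var BASE32 = /^[A-Z2-7]+$/;
var MIN_SEED_CHARS = 16; // 16 Base32 characters = 80 bits of seed (assumed floor)

// Normalise a seed as printed on a vendor sheet: drop spaces, dashes, padding.
function normaliseSeed(raw) {
  return String(raw || "").replace(/[\s=-]/g, "").toUpperCase();
}

// storeFn(user, key) is injected; in an InfoMap rule it would call
// IDMappingExtUtils.storeTotpSecretKey(user, key).
function registerTokens(payloadText, storeFn) {
  var results = [], entries;
  var seenUsers = Object.create(null), seenSeeds = Object.create(null);
  try {
    entries = JSON.parse(payloadText).tokens;
  } catch (e) {
    return { ok: false, error: "payload is not valid JSON", results: results };
  }
  if (!Array.isArray(entries)) {
    return { ok: false, error: "expected a 'tokens' array", results: results };
  }
  entries.forEach(function (entry, i) {
    var user = String((entry && entry.username) || "").trim();
    var seed = normaliseSeed(entry && entry.seed);
    var reason = null;
    if (!user) reason = "missing username";
    else if (seenUsers[user]) reason = "duplicate username in payload";
    else if (!BASE32.test(seed)) reason = "seed is not Base32";
    else if (seed.length < MIN_SEED_CHARS) reason = "seed too short";
    // One seed on two accounts usually means a mis-keyed serial-to-seed sheet.
    else if (seenSeeds[seed]) reason = "seed already assigned in payload";
    if (reason === null) {
      try { storeFn(user, seed); } catch (e) { reason = "store failed"; }
    }
    if (reason === null) { seenUsers[user] = true; seenSeeds[seed] = true; }
    // Results carry index, user and status only; the seed is never echoed back.
    results.push({ index: i, username: user, stored: reason === null, reason: reason });
  });
  return { ok: results.every(function (r) { return r.stored; }), results: results };
}
```

Because the result object never contains the seed, it can be returned to the caller or written to an audit log without exposing token secrets.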



  • 3.  RE: Support for hardware TOTP devices

    Posted Tue November 08, 2022 03:11 AM
    Thanks Shane, that confirms my thoughts.

    ------------------------------
    Gerwin Bastiaansen
    ------------------------------