Ping Identity Data Governance Broker - TOTP Identity Authenticator

Data Governance Broker Documentation Index
Configuration Reference Home

TOTP Identity Authenticator

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

The TOTP Identity Authenticator may be used to authenticate an end-user with a time-based one-time password based on RFC 6238 by using the UnboundID Validate TOTP Password Extended LDAP operation.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The TOTP Identity Authenticator component inherits from the Identity Authenticator

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ authentication-method-reference
↓ schema-urn

Basic Properties

description

Description	A description for this Identity Authenticator
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

authentication-method-reference

Description	Specifies identifiers of the authentication methods provided by this TOTP Identity Authenticator. Each value is exposed in the "amr" (authentication method reference) claim in an ID token, and also the "lastLoginMethods" and "lastSecondFactorMethods" properties of a user session SCIM sub-resource.
Default Value	otp
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

schema-urn (Read-Only)

Description	The URN which identifies the SCIM extension schema that should contain attributes intended for this TOTP Identity Authenticator in authentication request and response messages.
Default Value	urn:pingidentity:scim:api:messages:2.0:TOTPAuthenticationRequest
Allowed Values	A URN begins with 'urn:', is followed by a namespace component that is no more than 32 alpha-numeric characters long, which is followed by one or more colon-delimited identifiers consisting of legal URN characters (letters, digits, and characters in '()+,-.:=@;$_!*'). For example, a URN in the 'acme' namespace might be "urn:acme:identity:User.name".
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Identity Authenticators:

dsconfig list-identity-authenticators
     [--property {propertyName}] ...

To view the configuration for an existing Identity Authenticator:

dsconfig get-identity-authenticator-prop
     --authenticator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Identity Authenticator:

dsconfig set-identity-authenticator-prop
     --authenticator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new TOTP Identity Authenticator:

dsconfig create-identity-authenticator
     --authenticator-name {name}
     --type totp
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Identity Authenticator:

dsconfig delete-identity-authenticator
     --authenticator-name {name}