Custom TOTP authenticator

Using this method, admins can configure any TOTP authenticator for identity verification. ADSelfService Plus supports two types of TOTP tokens for authentication:

Steps to configure custom TOTP authenticators

  1. Navigate to Configuration > Self-Service > Multi-factor Authentication > uthenticators Setup.
  2. From the Choose the Policy drop-down, select a policy.
  3. Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
  4. Click Custom TOTP Authenticator section.
  5. Enter the Authenticator Name, Passcode Length, Passcode Expiration Time, Passcode Hashing Algorithm, Account Name Format and upload the Authenticator Logo.
  6. Choose either Software Token or Hardware Token based on the type of token you wish to configure.
  7. Note: If the Authenticator Logo is not uploaded, a default logo will be used.
  8. Click Save.

Step to enroll for custom TOTP authenticators

  1. For steps to enroll for software tokens.
  2. You can enroll for hardware token using two methods:
    • Import data via CSV file
    • Fetch data via DB
Tip: In case of using programmable tokens which allow the user to regenerate a secret key, it is recommended to configure custom TOTP authenticator as a software token.

To modify the configuration:

  1. Navigate to Configuration > Self-Service > Multi-factor Authentication > Authenticators Setup.
  2. Click Custom TOTP Authenticator section.
  3. Click Modify and change the information provided wherever necessary.
  4. If the configuration has to be removed, click Remove Configuration.
  5. Click Save.

When the configuration is modified or removed, the user enrollment data for that configuration will be deleted as well.

When a user is shifted from one self-service policy to another and if both these policies do not have the same Custom TOTP Authenticator configuration, the user will be considered as not enrolled.


Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.


Need technical assistance?

  • Enter your email ID
  • Talk to experts
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2023, ZOHO Corp. All Rights Reserved.