Page tree
Skip to end of metadata
Go to start of metadata

Enabling the method

The OTP Server API is installed by default and visible in the Ubisecure Management console.

HomeSystemOTP Server

Enabling the method

The first configuration step is to specify which OTP methods the OTP Server can have access to.

First add the method to the site by navigating to SystemOTP ServerSite MethodsAdd Method… and select the desired OTP method.

Next enable the method for the application by navigating to SystemOTP ServerApplicationsOTP ServerAllowed Methods and enabling the method.

Confirm the changes by clicking "Update".

Enabling the OTP Method

Access control to API

HTTP Basic Authentication is used to identify and authorize users for access to the API. The users and corresponding credentials that have the authority to make OTP Server REST calls are configured within the Ubisecure SSO Management console. The authorized user must be in the "OTP Server Admins" group and the password.1 method must be enabled for the user. The credentials for the HTTP Basic authentication are the same as the password set for the password.1 method.

Members of the group "OTP Server Admins Group" have the authority to make OTP Server REST calls.

For instance, if the user "apiuser2" is a member "OTP Server Admins" group as shown above and the password for the user is "changeit", the corresponding credentials, e.g. username and password for the HTTP Basic Authentication would be "OTP Server Admin" and "changeit".

apiuser2belongs to the "OTP Server Admins"group and thus has the authority to make OTP Server REST calls.

OTP list configuration

OTP List settings are configured via the Ubisecure Management console. HomeGlobal Method Settings → Method Name

Multiple list types can be configured and used concurrently – for example, a four digit OTP code could be used for log in events and an eight digit OTP code for transaction confirmation.


OTP Window Size (mandatory)
Specifies the number of one-time passwords the user may skip. Minimum value is 1 meaning that the user is not allowed to skip the sequences. Maximum value is 10, meaning that the user may use any of the next 10 OTPs. The purpose of this feature is to enhance usability and if there is no explicit need for this, it is recommended to use the value of 1. Changes for this setting affect also the existing OTP lists.

OTP Length in Digits (mandatory)
Specifies the number of digits in each one-time password. The minimum length is 4 and the maximum length is 8. Changes for this setting affect only the OTP lists generated after the change.

OTP List Length (mandatory)
Specifies the number of one-time passwords in each OTP list. The minimum value is 10 and the maximum value is 1000. Changes for this setting affect only the OTP lists generated after the change.

  • No labels