Configuring Single-Factor Authentication

You can use single-factor authentication if users log on with only one factor: a passcode, a password, an X.509 certificate, or another credential. The passcode must be generated on a mobile device that has an authenticator mobile application installed.

Prerequisites

You have configured the TOTPLoginModule to support otp or otp|pwd modes.

For more information, see Configuring TOTPLoginModule and RBALoginModule.

Context

You can configure the following settings for single-factor authentication:

  • You can require confirmation from users when they automatically log on to an application.

  • You can require two distinct passcodes from users before they log on to an application.

    This might be necessary if relying on only one passcode could compromise security.

  • You can set the system to create a persistent cookie when the user initially provides two distinct passcodes.

    You can set the following for this cookie:

    • Validity

      The cookie is valid until it expires or is revoked. You revoke such a cookie for specific users under the Users tab of the One-Time Password Administration UI. For more information about the management of user accounts, see Related Information.

      Note

      The default value is 30 days.

    • HTTP only

      This property specifies that the persistent cookie is not accessible to scripts running in the browser.

      Note

      This property is enabled by default.

    • Secure

      The persistent cookie is sent to the browser only if the HTTPS scheme is used for secure connections.

      Note

      This property is enabled by default.

Procedure

  1. Log on to the One-Time Password Administration UI at http(s)://<host>:<port>/ssoadmin/otp.
  2. Choose the Settings tab.
  3. Choose the Edit button.
  4. Under the Single-Factor Authentication section, select the required configurations.
  5. Save your configuration.
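
The following Python check is an added example, not part of the original documentation or the product's code. It audits a captured Set-Cookie header against the three persistent-cookie properties described under Context (Validity, HTTP only, Secure). The cookie name and header values are constructed placeholders, and the 30-day limit assumes the default validity.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_VALIDITY_DAYS = 30  # default on this page; set to the validity you configured

def parse_attrs(header):
    """Return (cookie name, lower-cased attribute dict) for a Set-Cookie value."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime_days(attrs, now):
    """Lifetime in days (Max-Age wins over Expires); None for a session cookie."""
    if re.fullmatch(r"-?\d+", attrs.get("max-age", "")):
        return int(attrs["max-age"]) / 86400
    try:
        expires = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return None  # attribute absent or unparseable
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    return (expires - now).total_seconds() / 86400

def audit_cookie(header, now=None):
    """Return a list of findings; an empty list means all three properties hold."""
    now = now or datetime.now(timezone.utc)
    name, attrs = parse_attrs(header)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: HttpOnly missing, cookie is readable by browser script")
    if "secure" not in attrs:
        findings.append(f"{name}: Secure missing, cookie is not restricted to HTTPS")
    days = lifetime_days(attrs, now)
    if days is None:
        findings.append(f"{name}: no Max-Age or Expires, not a persistent cookie")
    elif days > MAX_VALIDITY_DAYS:
        findings.append(f"{name}: lifetime of {days:.0f} days exceeds {MAX_VALIDITY_DAYS}")
    return findings

# Constructed sample headers; the cookie name is a placeholder, not the product's real name.
GOOD = "OTP_PERSISTENT_EXAMPLE=abc123; Max-Age=2592000; Path=/; Secure; HttpOnly"
WEAK = "OTP_PERSISTENT_EXAMPLE=abc123; Max-Age=7776000; Path=/"

if __name__ == "__main__":
    for header in (GOOD, WEAK):
        print(audit_cookie(header) or "ok")
```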