---
title: Configuring OATH token authentication
description: To configure OATH tokens, you must have the following items from each token manufacturer and for each supplied token model:
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_oath_token_authentication
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_oath_token_authentication.html
revdate: November 15, 2022
section_ids:
  before-you-begin: Before you begin
  steps: Steps
  result: Result:
  result-2: Result:
  result-3: Result:
  example: Example:
  result-4: Result:
  example-2: Example:
  result-5: Result:
  result-6: Result:
  troubleshooting: Troubleshooting
---

# Configuring OATH token authentication

## Before you begin

To configure OATH tokens, you must have the following items from each token manufacturer and for each supplied token model:

* A token seed file. The seed file can be either:

  * A .txt file consisting of lines with a comma separating the token serial numbers and secret keys (without spaces)

  * A .csv file with the token serial numbers and secret keys in different cells (without spaces or commas)

  The secret keys are strings of hexadecimal digits.

* For each seed file, a single associated token type of either TOTP or HOTP.

* For TOTP types, a refresh interval of 30 or 60 seconds. The default is 30.

|   |                                                                                                                       |
| - | --------------------------------------------------------------------------------------------------------------------- |
|   | For HOTP types, a start counter can appended as an additional field in the seed file. If absent, it defaults to zero. |

## Steps

1. In the PingOne admin portal, go to **Setup → PingID → Configuration**.

2. Go to the **Alternate Authentication Methods** section.

   ![A screen capture of the Alternate Authentication Methods section.](_images/vkb1564020562147.png)

3. In the **Enable** column, select the **OATH Token** check box.

   ### Result:

   The **Manage OATH Tokens** modal opens.

   ![A screen capture of the Manage Oath Tokens window.](_images/gge1564021281972.png)

4. Click **Save & Manage Tokens**.

   ### Result:

   The **OATH Tokens** tab opens and shows a list of previously saved tokens.

   |   |                                                       |
   | - | ----------------------------------------------------- |
   |   | If there are no saved tokens, the list will be empty. |

   ![A screen capture of the OATH Tokens tab.](_images/trp1564021282675.png)

5. Click **[icon: plus, set=fa]Import Tokens**.

   ### Result:

   The **Import OATH Tokens** modal opens.

   ![A screen capture of the Import OATH Tokens](_images/qnk1564021284509.png)

6. Click **Choose File**.

7. Navigate to your token seed file and select it.

   ### Example:

   A user imports a single token from a file called `DAF.csv` with the following seed.

   ```
   2308734700388,6EBD59F71A634C48C4619CB33F6C385C9237C9BA
   ```

   ### Result:

   The **Import OATH Tokens** modal shows the token information.

   ![A screen capture of the Import OATH Tokens window with an imported token.](_images/jzf1564021285782.png)

8. From the **Token Type** list, select the token type.

   ![A screen capture of the Token Type list.](_images/fus1564021286418.png)

   ### Example:

   A selection of **TOTP - 6 Digits** enables the **Refresh Interval** list.

   ![A screen capture of the Refresh Interval list.](_images/kaq1564021286947.png)

   ### Result:

   The **Import OATH Tokens** modal now looks as follows.

   ![A screen capture of the Import OATH Tokens window.](_images/nrz1564021287471.png)

   |   |                                                                                            |
   | - | ------------------------------------------------------------------------------------------ |
   |   | The **Preview Record** section shows information from the first record in the `.csv` file. |

9. **Optional:** If applicable, from the **Refresh Interval** list, select the refresh interval.

10. Click **Import**.

    |   |                                                                                                                                              |
    | - | -------------------------------------------------------------------------------------------------------------------------------------------- |
    |   | To return to the **Import OATH Tokens** modal, go to **Setup → PingID → OATH Tokens**, and then click **[icon: plus, set=fa]Import Tokens**. |

    ### Result:

    The newly imported tokens appear at the top of the **OATH Tokens** list.

    ![A screen capture of the OATH Tokens tab with the newly-created entry.](_images/gdp1564021288100.png)

## Troubleshooting

* If your seed file contains entries that duplicate existing tokens, the **Incomplete Token Report** error is displayed.

  ![A screen capture of the Incomplete Token Import message showing a duplicate token.](_images/cpq1564021288975.png)

  Remove the duplicate entries from the seed file and try again.

* If your seed file is invalid, you will receive the following error message.

  ![A screen capture of the Invalid File Type error message.](_images/rfe1564021289537.png)