Configuring OATH token authentication
Before you begin
To configure OATH tokens, you must have the following items from each token manufacturer and for each supplied token model:
- A token seed file. The seed file can be either:
  - A .txt file consisting of lines with a comma separating the token serial numbers and secret keys (without spaces)
  - A .csv file with the token serial numbers and secret keys in different cells (without spaces or commas)
  The secret keys are strings of hexadecimal digits.
- For each seed file, a single associated token type of either TOTP or HOTP.
- For TOTP types, a refresh interval of 30 or 60 seconds. The default is 30.
For HOTP types, a start counter can be appended as an additional field in the seed file. If absent, it defaults to zero.
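A pre-import check for the seed-file format described above, added here as an example; it is not part of PingID or its documentation. The function name `check_seed_lines`, the `existing_serials` parameter (serials the admin already knows are imported), and the rule that a key must have an even number of hex digits are assumptions of this example.

```python
import string

HEX = set(string.hexdigits)

def check_seed_lines(lines, token_type="TOTP", existing_serials=()):
    """Validate 'serial,hexkey[,start_counter]' lines before import.
    Returns (records, errors). Records are (serial, key length in bytes, start counter);
    errors are (line number, message) and never contain key material.
    """
    records, errors = [], []
    seen = set(existing_serials)  # assumption: serials already imported, supplied by the admin
    max_fields = 3 if token_type == "HOTP" else 2  # the start counter field is HOTP-only
    for num, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if not line:
            continue  # tolerate a trailing blank line
        fields = line.split(",")
        if any(ch.isspace() for ch in line):
            errors.append((num, "contains whitespace"))
        elif not 2 <= len(fields) <= max_fields:
            errors.append((num, f"expected 2..{max_fields} fields, got {len(fields)}"))
        elif not fields[0]:
            errors.append((num, "empty serial number"))
        elif not fields[1] or not set(fields[1]) <= HEX:
            errors.append((num, "secret key is not hexadecimal"))
        elif len(fields[1]) % 2:
            # assumption: keys encode whole bytes, so an odd digit count means truncation
            errors.append((num, "secret key has an odd number of hex digits"))
        elif len(fields) == 3 and not (fields[2].isascii() and fields[2].isdigit()):
            errors.append((num, "start counter is not a non-negative integer"))
        elif fields[0] in seen:
            errors.append((num, "duplicate serial number"))
        else:
            seen.add(fields[0])
            counter = int(fields[2]) if len(fields) == 3 else 0  # absent counter defaults to zero
            records.append((fields[0], len(fields[1]) // 2, counter))
    return records, errors

# Constructed sample input; the first line is the seed from this page's DAF.csv example.
SAMPLE = [
    "2308734700388,6EBD59F71A634C48C4619CB33F6C385C9237C9BA\n",
    "2308734700388,00112233445566778899AABBCCDDEEFF00112233\n",    # duplicate serial
    "2308734700390, 00112233445566778899AABBCCDDEEFF00112233\n",   # space after the comma
    "2308734700391,00112233445566778899AABBCCDDEEFF0011223G\n",    # non-hex digit
    "2308734700392,00112233445566778899AABBCCDDEEFF00112233,5\n",  # HOTP start counter
]

if __name__ == "__main__":
    print(check_seed_lines(SAMPLE, "HOTP"))
```

Because the seed file holds every token's secret key, run a check like this on the admin workstation and keep its output (which omits the keys) rather than copies of the file.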
Steps
- In the PingOne admin portal, go to Setup → PingID → Configuration.
- Go to the Alternate Authentication Methods section.
- In the Enable column, select the OATH Token check box.
  Result:
  The Manage OATH Tokens modal opens.
- Click Save & Manage Tokens.
  Result:
  The OATH Tokens tab opens and shows a list of previously saved tokens.
  If there are no saved tokens, the list will be empty.
- Click Import Tokens.
  Result:
  The Import OATH Tokens modal opens.
- Click Choose File.
- Navigate to your token seed file and select it.
  Example:
  A user imports a single token from a file called DAF.csv with the following seed:
  2308734700388,6EBD59F71A634C48C4619CB33F6C385C9237C9BA
  Result:
  The Import OATH Tokens modal shows the token information.
- From the Token Type list, select the token type.
  Example:
  A selection of TOTP - 6 Digits enables the Refresh Interval list.
  Result:
  The Import OATH Tokens modal now looks as follows.
  The Preview Record section shows information from the first record in the .csv file.
- Optional: If applicable, from the Refresh Interval list, select the refresh interval.
- Click Import.
  To return to the Import OATH Tokens modal, go to Setup → PingID → OATH Tokens, and then click Import Tokens.
  Result:
  The newly imported tokens appear at the top of the OATH Tokens list.
Troubleshooting
- If your seed file contains entries that duplicate existing tokens, the Incomplete Token Report error is displayed.
  Remove the duplicate entries from the seed file and try again.
- If your seed file is invalid, you will receive the following error message.