Generate, Save and Share Virtual MFA TOTP Tokens

The benefits of enforcing the use of Multi-factor Authentication (MFA) tokens or One-Time Passwords (OTP) are obvious with personal accounts, but what if you could extend these security benefits to your shared accounts too?

For example, when using an Imprivata Privileged Access Management (PAM) solution, you can securely save and share the login credentials of your various shared administrative accounts.

However, if you were to enforce the use of MFA with this shared account, it reverts to more of a personal experience, where someone would need to be in possession of the device that generates and displays the token.

Now with PAM, a user can safely store the Virtual TOTP Secret Key in a record and share this record with others. With a click of the mouse, the System will generate a valid OTP token for them.

And because this Secret Key is stored in a secured record, the existing system features, including role-based permissions, approval workflows and audit trails, can be used to control, limit or report access.

In summary, using PAM you can now enforce the use of MFA when logging into the product and you can provide the ability to generate Virtual TOTP tokens for those shared accounts that are being managed for “just in time” access.

Additionally, it could be a great way to back up your Virtual TOTP secret key(s) in case your device is lost or broken.

To Generate Virtual TOTP MFA Tokens in the System

  1. Log in to the System with a System Administrator account.
  2. Navigate to Administration > Record Types, locate the type named Virtual TOTP MFA and click its Edit button.
  3. Uncheck the Hidden checkbox and click Save.
  4. Return to the System Record List, click the Add Record button and select this Virtual TOTP MFA type.
  5. Create your new record as needed:
    • Name: enter a record name.

    • Description: enter a record description.

    • Secret Key: enter the Virtual TOTP Secret Key assigned to the managed account.

  6. Click Save and Return when complete.

  7. After the record is saved, use the Execute > Access TOTP Token option to generate your TOTP token. Tokens have a 30-second expiration period, so if a token expires before use, simply click the Access TOTP Token option again for a new token.
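
What a TOTP generator computes from a stored Secret Key, as an added example (not Imprivata's code): a standard RFC 6238 calculation in Python. The 30-second step comes from this page; the Base32 key encoding, HMAC-SHA-1 and 6-digit tokens are assumptions based on common authenticator defaults, and the secret is a constructed test value.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # token lifetime stated on this page
DIGITS = 6         # assumption: common authenticator default


def decode_secret(secret_key):
    """Decode a Base32 Secret Key, tolerating spaces, dashes and lower case."""
    cleaned = secret_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped for display
    return base64.b32decode(cleaned)


def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_key, at=None):
    """Return (token, seconds until it expires) for Unix time `at`."""
    now = time.time() if at is None else at
    counter = int(now // STEP_SECONDS)
    remaining = STEP_SECONDS - int(now % STEP_SECONDS)
    return hotp(decode_secret(secret_key), counter), remaining


# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    token, remaining = totp(SAMPLE_SECRET)
    print(f"token {token} expires in {remaining}s")
```

Because the token is a pure function of the Secret Key and the clock, anyone who can read the key can produce valid tokens for as long as the key stays enrolled. That is why access to the record should go through the role-based permissions, approval workflows and audit trails described above.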
