# MFA-Authenticator apps (TOTP)

This section explains how to use **Authenticator Apps (TOTP)** as a Multi-Factor Authentication (MFA) method, including:

* How to set up an authenticator app
* How TOTP verification works during sign-in
* What happens after successful setup

> 📌 This guide covers **Time-based One-Time Password (TOTP)** authentication only.\
> Email-based MFA and o=passkeys are documented separately.

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

If you want **stronger security than email codes**, authenticator apps are recommended.

An authenticator app:

* Generates a **time-based one-time code** on your device
* Works even **without internet access**
* Is harder to compromise than email

Common authenticator apps:

* [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2\&hl=en)
* [Microsoft Authenticator](https://play.google.com/store/apps/details?id=com.azure.authenticator\&hl=en)
* [Authy](https://www.authy.com/)
* [1Password (TOTP)](https://support.1password.com/one-time-passwords/?mac)

***

### Purpose <a href="#purpose" id="purpose"></a>

Authenticator-based MFA adds a second security factor by requiring a **temporary code generated on your personal device**, ensuring:

* Only users with physical access to the device can sign in
* Protection against phishing and email compromise
* Compliance with higher security requirements

***

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before setting up an authenticator app, make sure that:

* Your account is created and signed in
* **Multi-Factor Authentication (MFA)** is enabled
* You have installed an authenticator app on your mobile phone or tablet

&#x20;

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### Step 1: Enable Multi-Factor Authentication <a href="#step-1-enable-multi-factor-authentication" id="step-1-enable-multi-factor-authentication"></a>

1. Go to **Account → Security**
2. Turn on **Multi-Factor Authentication**

![3.png](blob:https://silvertiger.atlassian.net/22d22481-de85-4ee3-b65a-a01e0f1f9be8#media-blob-url=true\&id=3a09c670-d9ac-41a7-81a8-1b3963ab1650\&collection=contentId-204145482\&contextId=204145482\&width=1811\&height=888\&alt=3.png)

&#x20;

> ⚠️ Email verification is enabled by default when MFA is turned on.\
> Authenticator App is an **additional** method you can add.

***

#### Step 2: Set Up Authenticator App <a href="#step-2-set-up-authenticator-app" id="step-2-set-up-authenticator-app"></a>

1. In **Security → Multi-Factor Authentication**
2. Select **Authenticator App**
3. Click **Set up authenticator app**
4. Turn on **Authenticator app**\ <br>

&#x20;

***

#### Step 3: Scan QR Code <a href="#step-3-scan-qr-code" id="step-3-scan-qr-code"></a>

1. Open your authenticator app on your device
2. Choose **Add account**
3. Scan the QR code shown on the screen\ <br>

   &#x20;

> If you cannot scan the QR code, you can manually enter the setup key.

***

#### Step 4: Verify Setup <a href="#step-4-verify-setup" id="step-4-verify-setup"></a>

1. Enter the **6-digit verification code** generated by the authenticator app
2. Click **Confirm**\ <br>

&#x20;

✅ Authenticator App MFA is now successfully enabled.

***

### Sign-In Flow with Authenticator App <a href="#sign-in-flow-with-authenticator-app" id="sign-in-flow-with-authenticator-app"></a>

Once Authenticator MFA is enabled:

1. Enter your **email and password**
2. Select **Authenticator App** as the verification method
3. Select **Authenticator** as the verification method.\ <br>

&#x20;

4. Open your authenticator app on your mobile phone or iPad.

If you have not installed an authenticator app, install one before continuing.

&#x20;

* Enter the verification code displayed in the app.\ <br>

&#x20;

* Sign-in completes automatically after successful verification.

***

### Security Notes <a href="#security-notes" id="security-notes"></a>

* TOTP codes refresh every **30 seconds**
* Codes are **single-use and time-limited**
* Authenticator apps work **offline**
* You can keep Email MFA enabled as a backup method
* You can remove or reset the authenticator app from **Security settings**

***

### Troubleshooting <a href="#troubleshooting" id="troubleshooting"></a>

**Lost your device?**

* Use Email verification (if enabled) to sign in
* Reset MFA from account security settings

**Code not working?**

* Ensure your device time is set automatically
* Wait for the next code refresh and try again

***

### Summary <a href="#summary" id="summary"></a>

| Item              | Description                               |
| ----------------- | ----------------------------------------- |
| MFA Method        | Authenticator App (TOTP)                  |
| Setup Required    | QR code or manual key                     |
| Used During       | Sign-in after password                    |
| Internet Required | No                                        |
| Security Level    | High                                      |
| Best For          | Users needing stronger account protection |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/user-guide/account-management/account-security/multi-factor-authentication-optional/mfa-authenticator-apps-totp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.