ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CA Advanced Authentication - implement TOTP feature using CA Mobile OTP

book

Article ID: 237648

calendar_today

Updated On:

Products

CA Strong Authentication CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

We need to implement TOTP feature as 2nd factor in our environment and would like to use standard authenticators like Google, Microsoft, Authy to validate the TOTP and enroll the Authenticator for TOTP.

1. Can we implement above using CA Strong Auth APIs? If yes, please provide the APIs link for implementation

2. Is it mandatory to use CA Mobile Authenticator app to provide TOTP feature or can we use standard authenticator apps like Google.

Environment

Release : 9.1

Component :Strong Authentication

Resolution

1. Yes there are API's available to provision the CA Mobile OTP credentials. You can use SDK, Web services or Rest API feature for this. Here is the link for the Rest API document link.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/rest-based-api/ca-strong-authentication-rest-api.html
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/rest-based-api/ca-strong-authentication-rest-api/credential-issuance-api.html

There is SDK available for CA Mobile OTP app if you would like to use this in your Mobile application and that can be found in the documentation as well.

2. CA Mobile OTP is based upon cryptography camouflaged and it is secure than any other OTP applications available, The generated OTP is encrypted with a PIN and correct PIN only will generate the correct OTP, a wrong PIN will still generate the OTP but that will not be valid. Other providers like Google, Microsoft authenticator generated OTP will not work for us so it is mandatory to use our Mobile application which is called CA Mobile Authenticator and supports both PUSH and OTP generation.