notes.ini settings for TOTP

The following server notes.ini settings are available to customize the TOTP configuration.

Table 1. Server notes.ini settings for TOTP
Setting Description
TOTP_STEPSIZE=seconds How long, in seconds, a TOTP token is valid. Without the setting, tokens are valid for 30 seconds before they expire. Note that not all TOTP applications honor this setting.
TOTP_TIMESKEW_STEPS=TOTP_STEPSIZE factor Additional time allowed to accommodate time differences between the ID vault server and the user devices.

Specify the TOTP_STEPSIZE factor to add before and after the TOTPStepSize.

By default, the value is a factor of 1, meaning assuming default TOTP_STEPSIZE value of 30 seconds, by default an allowance of 30 seconds is added before and after.

ENABLE_IDV_CROSSDOMAIN_AUTHENTICATION=1 If directory assistance is configured for cross-domain directory lookups, add the notes.ini setting to your Domino servers. Then, when a user accesses a Domino server and the user is registered in a secondary domain, the server is able to access the ID vault in the secondary domain to manage TOTP authentication.


To help troubleshoot TOTP problems, use these settings to enable debug logging in console.log.