Prerequisites for TOTP authentication

An overview of the prerequisites for TOTP authentication.

  • Current time

    All Domino providing TOTP authentication services should be set to the correct and current time. Failure to provide the correct time on the OS level will lead to authentication issues or failures. Preferably the operating system Domino is running on is set to automatically sync it's time with a local or Internet based time server.

  • TLS Certificate

    Configure Domino to use TLS certificates. For more information, see Managing TLS certificates with Certificate Manager

  • ID Vault

    Ensure configuring an ID Vault. Make sure the ID vault server runs Domino 12 and the ID vault database is upgraded to the Domino 12 idvault.ntf template design. All users of TOTP need to be "vaulted" that means they have to have their ID file added to the vault correctly.

  • Certifier ID File

    In order to issue a Multi-Factor Authentication Certificate, the certifier ID file for the organizational unit for which TOTP should be enabled should be located in the Domino data directory. The ID file can be removed from the Domino data directory once the step Issuing a Multi-Factor Authentication Certificate is successfully completed. Make sure you have it stored safely somewhere else before deleting.

  • Domino 12 or higher templates

    Your domcfg.nsf is based on a Domino 12 or higher "Domino Web Server Configuration" template.