- Print
- PDF
OTP Generation
- Print
- PDF
Britive vault is used to store and manage OTP seed or Recovery/backup keys. This is useful for all applications that use MFA to log in with shared credentials. Examples are AWS root user MFA or MFA to a vendor portal. Using Britive Vault, it is easy to fetch OTP for any user who has access granted by policy approvals. A time based OTP is used which is refreshed every 30 seconds. OTP generation helps in the following ways:
- Provides a centralized OTP management when MFA is shared across multiple entities. For example, multiple administrators using a single Root account.
- Tracks user activities who are using OTP using Britive Audit log.
- Helps even in case of non-human identities. Scripts can be written to fetch OTP to automate the process.
Prerequisites
You need to enable MFA authentication in source application that you want to use. For example, GCP account or an Azure account. There are two ways a user can use Britive vault:
- OTP Seed: Take a picture of the QR code displayed while enabling MFA authentication and save it as a file. This file is used later while creating a secret. If you do not have a QR code, you can use a setup key.
- Recovery Keys/Backup codes: Save the recovery keys provided by source application. They are used later while creating a secret. These keys are used to login in case OTP is not working for some reason.
Procedure
Administrators
- Create a secret template using OTP Seed. There are a few predefined secret templates like WebApp with OTP to start with but users have a flexibility to create their own secret templates with customized fields. For more information, see Creating a secret template.
- Add a secret based on a secret type which uses OTP Seed. After a secret with OTP Seed is saved, it is not visible to any administrators for editing. But QR code/Setup key can be overwritten in case the source application displays a new QR Code/Setup key or the credentials are compromised. For more information, see Adding a Secret.
- Create a policy to grant access for users to generate OTP. For more information, see Creating a Policy.
Users
Users while logging into application that is using MFA, can get the OTP from the My Secrets page. See Viewing Secrets for more information.
Audit log
All the user activities that are governed by policies are displayed in Audit Log page. Every action displays the details about which user generated OTPs.