--- title: "OTP Generation" slug: "otp-generation" updated: 2026-04-09T09:49:03Z published: 2026-04-09T09:49:03Z canonical: "docs.britive.com/otp-generation" --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.britive.com/llms.txt > Use this file to discover all available pages before exploring further. # OTP Generation Britive vault is used to store and manage OTP seed or Recovery/backup keys. This is useful for all applications that use MFA to log in with shared credentials. Examples are AWS root user MFA or MFA to a vendor portal. Using Britive Vault, it is easy to fetch OTP for any user who has access granted by policy approvals. A time based OTP is used which is refreshed every 30 seconds. OTP generation helps in the following ways: - Provides centralized OTP management when MFA is shared across multiple entities. For example, multiple administrators using a single Root account. - Tracks user activities of those who are using OTP using the Britive Audit log. - Helps even in case of non-human identities. Scripts can be written to fetch OTP to automate the process. ## Prerequisites You need to enable MFA authentication in the source application that you want to use. For example, a GCP account or an Azure account. There are two ways a user can use the Britive vault: - **OTP Seed**: Take a picture of the QR code displayed while enabling MFA authentication and save it as a file. This file is used later while creating a secret. If you do not have a QR code, you can use a setup key. - **Recovery Keys/Backup codes**: Save the recovery keys provided by the source application. They are used later while creating a secret. These keys are used to log in in case OTP is not working for some reason. ## Procedure ### Administrators 1. Create a secret template using OTP Seed. There are a few predefined secret templates, like *WebApp with OTP* to start with, but users have the flexibility to create their own secret templates with customized fields. For more information, see [Creating a secret template](/v1/docs/static-secret-templates). 2. Add a secret based on a secret type that uses OTP Seed. After a secret with OTP Seed is saved, it is not visible to any administrators for editing. But the QR code/Setup key can be overwritten in case the source application displays a new QR Code/Setup key or the credentials are compromised. For more information, see [Adding a Secret](/v1/docs/secrets). 3. Create a policy to grant access for users to generate OTP. For more information, see [Creating a Policy](/v1/docs/creating-policies). ### Users Users, while logging into an application that is using MFA, can get the OTP from the **My secrets** page. See [Viewing Secrets](/v1/docs/my-secrets-tab-1) for more information. ## Audit log All the user activities that are governed by policies are displayed on the **Audit Log** page. Every action displays the details about which user generated OTPs.