This guide shows how to implement TOTP authenticator apps for MFA. You can follow the same approach for step-up auth or adaptive MFA.
Configure TOTP in the Authsignal Portal
- Navigate to the Authenticators section and click Manage Authenticator App.
- Activate the TOTP authenticator in the next screen.
Grab your Authsignal credentials
Head to Settings and grab your Tenant ID, API URL and API secret key. Add them as environment variables in your project:
Implementation
1. Backend - Track an action
When a user performs an action that requires authentication, your backend should track the action. You can use our Server SDK or Server API to track the action. The code snippets in this guide reference the SDKs. Learn more about the different action outcomes.
2. Frontend - Challenge the user
If the action state is CHALLENGE_REQUIRED, proceed with the TOTP challenge using either our Web SDK, Mobile SDKs or Client API.
3. Backend - Validate the challenge
After the user completes the challenge, validate the token on your backend:
Next steps
- Adaptive MFA - Set up smart rules to trigger authentication based on risk
- Email OTP - Add email-based OTP codes as an alternative method
- SMS OTP - Add SMS-based OTP codes as another option
- Passkeys - Offer the most secure and user-friendly passwordless authentication