Save, Share and Generate Virtual TOTP MFA Tokens
The benefits of enforcing the use of Multi-factor Authentication (MFA) tokens or One-Time Passwords (OTP) are obvious with personal accounts, but what if you could extend these security benefits to your shared accounts too?
For example, when using a Privileged Access Management (PAM) solution like Xton Access Manager (XTAM), you can securely save and share the login credentials of your various shared administrative accounts. However, if you were to enforce the use of MFA with this shared account, it reverts to more of a personal experience, where someone would need to be in possession of the device that generates and displays the token.
Now with XTAM, a user can safely store the Virtual TOTP Secret Key in an XTAM record and share this record with others; with a click of the mouse, XTAM will generate a valid OTP token for them. And because this Secret Key is stored in a secured record, the existing XTAM features, including role-based permissions, approval workflows and audit trails, can be used to control, limit or report access.
In summary, using XTAM you can now enforce the use of MFA when logging into the product and you can provide the ability to generate Virtual TOTP tokens for those shared accounts that are being managed for “just in time” access.
Additionally, it could be a great way to back up your Virtual TOTP secret key(s) in case your device is lost or broken.
To Generate Virtual TOTP MFA Tokens in XTAM
Log in to XTAM with a System Administrator account.
Navigate to Administration > Record Types, locate the type named Virtual TOTP MFA and click its Edit button.
Uncheck the Hidden checkbox and click Save.
Return to the XTAM Record List, click the Add Record button and select this Virtual TOTP MFA type.
Create your new record as needed:
- Name: enter a record name.
- Description: enter a record description.
- Secret Key: enter the Virtual TOTP Secret Key assigned to the managed account.
Click Save and Return when complete.
After the record is saved, you can use the Execute > Access TOTP Token option to generate your TOTP token. Tokens have a 30 second expiration period, so if a token expires prior to use, simply click the Access TOTP Token option again for a new token.
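The sketch below is an added example, not XTAM's own code. It shows how a TOTP token is derived from a stored Secret Key under the standard RFC 6238 scheme, which is why anyone who can read the key gets the same token and why access to the record needs to be restricted and audited. It assumes a Base32-encoded key, HMAC-SHA-1 and 6 digits (common defaults that the page does not state) together with the 30 second period the page mentions; the sample key is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds; matches the 30 second expiration described above


def decode_secret(secret_b32: str) -> bytes:
    """Decode a Base32 secret key (assumed encoding), tolerating spaces and case."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that is often stripped
    return base64.b32decode(cleaned)


def totp(key: bytes, at: float, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP: RFC 4226 HOTP computed over the count of elapsed time steps."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def seconds_remaining(at: float, step: int = STEP) -> int:
    """Seconds until the token generated at time `at` is replaced by the next one."""
    return step - int(at) % step


if __name__ == "__main__":
    # Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
    sample = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    now = time.time()
    print(totp(decode_secret(sample), now), f"valid for {seconds_remaining(now)}s")
```

Because the token depends only on the key and the clock, the host that generates it must keep accurate time, or the target system will reject tokens that fall in a different 30 second step.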