TOTP - Pairing Flow

This section explains how to enable the two-factor authentication (2FA) option in MIB. This option depends on the LockServer service, which has already been described in this topic.

How to configure?

The first step is to enable the TOTP operation. To do this, you need to include the following configuration:

MIBAUTHORIZATIONSERVERCONFIG_LOCKSERVER_OPERATIONS=TOTP:TOTP:true

The global configuration of LockServer must also be enabled. You can see how to enable it in this section.

New tags have also been created in the dictionaries for configuring the texts displayed to the user. They are:

<?xml version="1.0" encoding="utf-8" ?>
<translations>
	<totp>
		<two_fa_field_tooltip></two_fa_field_tooltip>
		<two_fa_button_tooltip></two_fa_button_tooltip>
		<invalidcode></invalidcode>
		<validateerror304></validateerror304>
		<validateerror305></validateerror305>
		<validateerror306></validateerror306>
		<validateerror307></validateerror307>
		<validateerror401></validateerror401>
		<validateerror402></validateerror402>
		<validateerror708></validateerror708>
		<operationdisabled></operationdisabled>
	</totp>
</translations>
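
A pre-deployment check for the dictionary tags listed above, as an added example that is not part of the MIB documentation or code base: it reports which totp tags in one dictionary are missing, left empty as in the template, or not among the listed names. The function name and the sample dictionary are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Tag names copied from the <totp> dictionary section shown above.
REQUIRED_TOTP_TAGS = (
    "two_fa_field_tooltip", "two_fa_button_tooltip", "invalidcode",
    "validateerror304", "validateerror305", "validateerror306",
    "validateerror307", "validateerror401", "validateerror402",
    "validateerror708", "operationdisabled",
)

def audit_totp_dictionary(xml_text):
    """Return missing, empty and unknown <totp> tags for one dictionary."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    report = {"missing": [], "empty": [], "unknown": []}
    section = root.find("totp") if root.tag == "translations" else None
    if section is None:
        # No <totp> section at all: every text is missing.
        report["missing"] = list(REQUIRED_TOTP_TAGS)
        return report
    # Whitespace-only text counts as empty: the user would see a blank message.
    found = {child.tag: (child.text or "").strip() for child in section}
    for tag in REQUIRED_TOTP_TAGS:
        if tag not in found:
            report["missing"].append(tag)
        elif not found[tag]:
            report["empty"].append(tag)
    # Unknown tags are usually typos of a required name.
    report["unknown"] = sorted(set(found) - set(REQUIRED_TOTP_TAGS))
    return report

# Constructed sample: partially filled dictionary with one misspelled tag.
SAMPLE_DICTIONARY = """<?xml version="1.0" encoding="utf-8" ?>
<translations>
  <totp>
    <two_fa_field_tooltip>Enter the code from your app</two_fa_field_tooltip>
    <two_fa_button_tooltip>Validate the code</two_fa_button_tooltip>
    <invalid_code>The code is not valid</invalid_code>
    <validateerror304></validateerror304>
    <operationdisabled>   </operationdisabled>
  </totp>
</translations>"""

if __name__ == "__main__":
    print(audit_totp_dictionary(SAMPLE_DICTIONARY))
```
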
Important

Check that all migrations from MediaiBox.Cms.Authorization.Database.Migrations have been executed. The migration responsible for configuring the fields used by the service is 202502071220550_Mib_AddLockServerTOTPFields. To learn more about migrations, see the documentation.

How to enable this option for a user?

When logging into Authorization, the LockServer information block is displayed. Within this block, two new options are available: Enable two-factor authentication and Create TOTP.

Note

The LockServer information block will only be displayed if the service is enabled in the settings. Likewise, the options Enable two-factor authentication and Create TOTP will only be available if the TOTP operation is enabled.

Clicking the Enable two-factor authentication option enables the user to use the TOTP service. To complete the process, however, the user must also click the Create TOTP option. This option requests a QR Code from the service integrated with LockServer in order to pair the new functionality.

In the application integrated with the service, scan the displayed QR Code. The user's app should show a success message confirming the operation.

This flow populates two new pieces of information in the database related to the user: LOCK_TOTP_ENABLED and LOCK_TOTP_ID. These details will be used in all of the user's TOTP flows.

How do I disable this option for a user?

Simply uncheck the Enable two-factor authentication option and click Save. The information will be dissociated from the user.

Note

If the user disables/unpairs the integration with Latch, the TOTP will also be unpaired.
