For managing creating, deleting soft tokens click on the Manage Soft Token Tile. A soft token is a mobile app, such as Google Authenticator that will provide a code adhering to the TOTP standard. End users may then enter that code as part of a two-step verification process. APIs are provide to generate the secret key as well as the QR code and to validate a user-entered code.
The process is outlined in the diagram, below:
1. List Soft Tokens
Select your account or any of the subaccounts you have access to from the drop-down box and it will list all registered users for this client along with their soft token maximum retry count available and soft token creation date.
2. Register Soft Tokens
In case you are not using the API for registering a Soft Token for a user, you may click on Generate Soft Token button and a dialogue box will open.
Enter a user identifier (email id, name, mobile number) in the text box and click on Create. It will open a new dialogue box which will be having new generated soft token for this user and client id combination and QR code. Soft token and QR code will be shown only once to user.
On the mobile app, the soft token may be manually entered, or if the app supports the ability to read the QR code, simply point the mobile device’s camera at the QR code to configure the mobile app (such as Google Authenticator).
3. Deactivate Soft Tokens
For deactivating a soft token click on user and client id combination which needs to be deactivated and a Soft Token Information Dialog will popup.
Click on the Deactivate Soft Token Button and a confirmation dialogue box will open.
Click on Confirm and user will be deactivated, and list of registered users will be refreshed on UI.