How to configure a user and enroll a token

LinOTP uses only read access to user databases. This short howto guides you through defining a local user store and enrolling a token for a user.

Defining a user store

In the Web Management UI go to LinOTP Configuration -> UserIdResolver to define where your users are stored.

In the IdResolver dialog, click the button New and choose to create a flatfile resolver. In the dialog choose a name like "localusers" and leave the filename untouched as /etc/passwd. This will make LinOTP see all your local users.

To actually see the users, you need to define a realm. Go to LinOTP Configuration -> Realms and click the button New to create a new realm. Choose a realm name like local or realm1 and select the UserIdResolver you just created.

Save it.

When you now go to the userview, you should see the list of all your local user accounts.

Enrolling a token

Now we are going to enroll a Google Authenticator. You can install the Google Authenticator on your iPhone or Android device from the corresponding app store.

In the userview select the user who should get this new token.

On the left sidebar click the button enroll.

In the enrollment dialog select the token type HMAC event based and check the box Seed will be generated by the server.

When you now click enroll, LinOTP will create a secret Seed and generate a QR Code, which you can scan with the Google Authenticator App.

When you have scanned the QR code, click OK. You can now set an additional PIN for this token. Set a PIN like topSecret and click set PIN.

Congratulations, you enrolled your first token!

Test it

Point your browser to /auth/index where you get a test login page. Here you can enter the username and the OTP PIN plus the OTP value.
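How a password made of the PIN plus the OTP value can be checked for an HMAC event based token, as an added example that is not LinOTP's own code: it implements HOTP as specified in RFC 4226. The HotpToken class, its look-ahead window and the sample seed (the RFC 4226 test key) are assumptions for illustration.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpToken:
    """Hypothetical server-side record: seed, PIN and next expected counter."""

    def __init__(self, seed: bytes, pin: str, counter: int = 0,
                 window: int = 5, digits: int = 6):
        self.seed = seed
        self.pin = pin          # kept in clear text only to keep the sketch short
        self.counter = counter  # first counter value that is still unused
        self.window = window    # how far ahead of the counter we search (assumed)
        self.digits = digits

    def check(self, password: str) -> bool:
        """Validate 'PIN + OTP'; on success move the counter past the used value."""
        if len(password) <= self.digits:
            return False
        pin, otp = password[:-self.digits], password[-self.digits:]
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        # The app's counter advances on every button press, so the server
        # searches a small window ahead of its own counter.
        for c in range(self.counter, self.counter + self.window):
            expected = hotp(self.seed, c, self.digits)
            if hmac.compare_digest(expected.encode(), otp.encode()) and pin_ok:
                self.counter = c + 1  # an accepted value can never be replayed
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample: RFC 4226 test key
    token = HotpToken(seed, pin="topSecret")
    print(token.check("topSecret" + hotp(seed, 0)))  # first login
    print(token.check("topSecret" + hotp(seed, 0)))  # same value replayed
```

Because the server stores the next expected counter, an OTP value that was accepted once is rejected when it is replayed, and a value further ahead than the window is rejected until the token is resynchronized.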

Create a new OTP value on your Google Authenticator and authenticate with