Google Authenticator

From Swivel Knowledgebase
Jump to: navigation, search


Overview

Google Authenticator supports the use of OATH HOTP such as used with the Swivel Token, and software tokens with a valid Seed can be used to authenticate Swivel users. Google Authenticator uses HMAC-SHA1 seeds.

Currently Swivel is not compatible with the Authenticator Time Based OATH TOTP token as Swivel tokens use a 30 second refresh, and Google Authenticator uses a 60 second refresh.


Prerequisites

Swivel 3.9.6

Google Authenticator


Configure the Swivel User

For configuring the seeds on the Swivel server see Token. Configuring a software token is similar to configuring a hardware token.

Swivel uses a Hexadecimal seed, to generate a valid seed see seed.


Configure the Google Authenticator App

Convert the Hexadecimal seed ((A-Z, 0-9) into Base32 (A-Z, 2-7 and = for padding), for Google. Google enforces a minimum seed length of 16 characters or 80-bits. The following online tool can be used for converting the seed:

http://www.darkfader.net/toolbox/convert/

Example:

Base16 seed: e0b10ee3a4bb2598c0575539529f33 (used by Swivel)

Base 32 seed: 4CYQ5Y5EXMSZRQCXKU4VFHZT (used by Google Authenticator)


Base16 to base32 example.jpg


Download the Google Authenticator from the appropriate app store.

On the Google Authenticator App select Set up account, then Enter key provided

Enter account name The Swivel user name

Enter your key The seed

Time-based change to Counter-based

Select Add

Then synchronise the token (see Token)


Google Authenticator Enter key provided.png Google Authenticator settings.png Google Authenticator settings entered.png


Google Authenticator account.png Google Authenticator OTC.png


Testing

Known Issues

Troubleshooting

Retrieved from "https://kb.swivelsecure.com/w/index.php?title=Google_Authenticator&oldid=2187"