Using WS1 Intelligent Hub with integrated TOTP
If you want to do Multi Factor Authentication with a one time token code in the past you had some Hardware Devices, that displayed you a time based rotating “Tokencode” that could be used to login as a Second Factor. Later there where the unecure SMS or some Paper-TAN sheets used. Today this functionality is used on SmartPhones , so you do not need to carry an additional Hardware device with a lot of costs around. Apps like Microsoft Authenticator , Google Authenticator or Twilio Authy have this functionality with TOTP (Time-based One-time Password) . But also VMware Intelligent Hub has this feature Integrated and you can not just use it for Workspace ONE Access , you also can use it for other IDPs as long as they follow the RFP-6238.
Pre-requisites:
- Workspace ONE Access ( SaaS only as of writing this blog )
- Hub 22.08 for Android or iOS
- “Authenticator App” Authentication Method enabled & selected on WS1 Access Policies
While Muhammad did a blog on how to Setup TOTP with Access we now have the functionality in the Hub integrated I wont to Focus on the Hub Integration feature. Here is Blog Post: https://digitalworkspace.one/2022/06/12/intelligent-hub-verify-and-authenticator-app-saas-only%EF%BF%BC/
On the Device (Android)
If you open Hub App in the “Support” Tab there is a section for “Security” here you can touch to “Authentication” :
Here you can register the TOTP via QR-Code and also via “Setup Key” . Also you can add multiple TOTP Provider with the “+” Icon or the pencil you can modify the Settings.
Once Setup you can see the TOTP and also copy it out of Hub directly.
Demo
in this Section I want to show the Process of Registering TOTP with Hub and also using in afterwards in a sample Environment to Login with MFA.
Note: This Blog and content was created in mid August, features may be improved or changed in a future release.
vExpert, blogger and VMware champion. Worked 10 years as a VMware & Microsoft consultant for a partner before joining VMware in 2017.