« Back to Strong Authentication

OneLogin Mobile OTP App

OneLogin’s Mobile One-Time Password App delivers unparalleled usability – included free with every OneLogin plan. Available on all major smartphone platforms, OneLogin OTP lets users perform multi-factor authentication with the click of a button.

Free Multi-Factor Authentication – Better Cloud Security

Secure access to your corporate VPN, Box, Google Apps, Salesforce and other cloud apps with a second authentication factor beyond user name and password. In the event that someone steals a user’s credentials, the addition of entering a one-time password is a significant barrier to prevent intruder access to your cloud apps. OneLogin’s Mobile One-Time Password App is included with every OneLogin plan.

Unparalleled Usability – The Login Process

When a user is prompted for a one-time password on OneLogin’s login page, they are asked to launch the mobile OTP app and click the Send button rather than having to type the code into the login screen. The code is sent through your phone to OneLogin where it is validated and then the user is logged in. If the user’s mobile device is not connected to the Internet via Wi-Fi or the cellular network, the user has the option to enter the one-time password via the keyboard. As soon as OneLogin receives a valid one-time password, the user is logged in.

Easy Roll-Out

Users are prompted with installation instructions when signing into their OneLogin account. Upon installation the mobile app generates a unique credential ID tied to the user in OneLogin. This ID is registered either by an administrator or by the user themselves during the sign-in process. Once registered, the user must provide a valid one-time password when signing into OneLogin.

Algorithm

OneLogin’s OTP solution is based on RFC 6238 – A Time-Based One-Time Password Algorithm, which was designed by VeriSign, Symantec and others. The RFC describes how two endpoints with synchronized clocks can exchange a secure one-time password based on the HMAC algorithm. One-time passwords are valid for 30 seconds, but the implementation of the algorithm is able to tolerate some time drift on the mobile device in order to increase reliability of the solution.

Request a Demo

Contact us at sales@onelogin.com for a demo of how OneLogin OTP can secure your cloud applications as a second authentication factor.