The Google Authentication Scheme is a two-factor authentication mechanism that requires the user to enter their password as
well as a single-use token when logging in to a station. This protects a user’s account even if their password is compromised.
This authentication scheme relies on TOTP (Time-based One Time Password) and the Google Authenticator app on the user’s mobile
device to generate and verify single-use authentication tokens. Google authentication is time based, so there is no dependency
on network communication between the user’s mobile device, the station, or external servers. Since the authenticator is time
based, the time in the station and time in the phone must stay relatively in sync. The app provides a buffer of plus or minus
1.5 minutes to account for clock skew.
Prerequisites: The user’s mobile phone requires the Google Authentication app. You are working in
Workbench. The user exists in the station database.
Perform the following steps:
- Open the gauth palette and add the GoogleAuthenticationScheme to the node in the Nav tree.
- Right-click UserService, and double-click the user in the table.
The Edit view for the user opens.
- Configure the
Authentication Scheme Name as needed and click Save.
- Click the button next to
Secret Key under the user’s authenticator and follow the prompts.
- To complete the configuration, click Save.
Depending the view you are using, you may have to open the user again or refresh after saving.