Implement MFA using Google Authenticator (TOTP)

I can’t seem to find anything related to the topic in the documentation.
Was anyone able to implement MFA based on TOTP and Google Authenticator App?

Hi scavallaro4,

Thank you for reaching out to the community.

There is a use case blog available within the Community that may provide some assistance for you. This document provides a step-by-step guide on how to create a user journey in Identity Cloud that prompts the user to authenticate with TOTP for second-factor authentication.

The instruction uses the ForgeRock Authenticator app, but it’s worth noting that ForgeRock also supports other third-party OATH-compliant authenticators, such as Google Authenticator.

I hope this information helps you verify the steps you’ve taken to implement MFA using Google Authenticator (TOTP).

Best regards,

Is it possible to use authentication module and chain to perform the same operations?
Especially the device registration

Of course it is…. But why construct the use case using modules and chains when that is deprecated and at some time in the future, eol.

If I recall correctly, you will find that solution in the 5.5 documentation. It was also covered in the courseware.


HI scavallaro4

Additionally, please see the following from our KB FAQ article regarding OATH auth module compatibility: Q. Does AM work with other authenticator apps such as Google Authenticator?

A. Yes AM does support other authenticator apps such as Google or Microsoft as follows:

  • AM 7.1 and later - use the OATH Token Verifier and OATH Registration nodes.
  • AM 6.5.3 and later - use the OATH authentication module. There is a known issue prior to AM 6.5.3: IOS Google Authenticator cannot read Forgerock QR code OTP.



Note The ForgeRock Authenticator (OATH) module is not compatible with third-party authenticator apps and you should use the ForgeRock Authenticator app with this module for two-factor verification.