Skip to content

How To?

Set up Google Authenticator in cyberelements

How to set up a 2-Factor Authentication with Google Authenticator as a TOTP (Time-based OTP)?

1. Generate a new OTP token in the admin console:

From an admin account, open the OTP Generator

Add a new OTP token and choose “OTP – Google Authenticator”

Here’s an example of a token configuration:

The Expiration Time should remain 30 seconds for a Google Authenticator configuration.

If the token’s Expiration Time is changed and the OTP generator is not configured for the same duration, an error will occur when attempting to authenticate.

This duration doesn’t set the time during which a user should type in the one-time password.

The number of digits also depends of the OTP generator. For a Google OTP, it should be set at 6.

The user attribute can be any attribute. However, it is preferable to use a “private attribute”.

The TOTP is compatible with local domains (except the default local domain) and LDAP domains.

In this example, the secret key will be stored in a user attribute named “secretKey” for a cyberelements local domain.

It is also possible to store the secret key in an LDAP user attribute of your choice. In this case, you will need to fill in the exact AD attribute name.

Generated key can be sent automatically by mail by filling in the section shown below.

2. In the cyberelements local domain, configure a secret key for the user attribute configured above

Open your cyberelements domain, in this example it is “Local”

Associate the previously created token with this domain.

If you are using an LDAP domain, specify the name of the LDAP attribute in which the secret key will be stored. If you the cyberelements local domain is used, keep this section empty. 

> The secret key setup

The key is based on the RFC3548 base 32 standard.


  • The key must contain only uppercase letters.
  • The key must have 16 characters.
  • The characters must be supported by the RFC standards (letters from A to Z and numbers from 2 to 7)

Example: ABCDEFGH12345678

For an LDAP domain:

The secret key needs to be stored in the user LDAP attribute of your choice.

For a cyberelements local domain: 

Open the concerned user.

Add a new “Label” with the security key as a value.

The 2-Factor Authentication is now ready to be used by a user account.

The Multi-Factor authentication is an easy to configure feature in cyberelements. It is an important element to establish a Zero Trust security policy. 

Would like to learn more? Book a meeting with our experts.

Try the MFA feature in cyberelements

or book a meeting with our experts

Related Articles