If an end-user is associated in a realm that has a secondary authentication server configured as TOTP authentication server, then at the first time login, the user will be asked to perform the following steps.
For example: Admin associates an end-user User1 to a user-realm that has the TOTP authentication-server configured as the secondary authentication-server.
1 - After successful authentication with primary authentication-server, User1 is shown the TOTP registration page below:
2 - User1 is given a TOTP registration key in text form/QR image form and 10 backup codes. User1 can saves 10 backup codes in a safe place for using it later during authentication when end-user device is not available
3 - Now, User1 launches the SafeID/Diamond programming tool
1) Click Scan QR Code
2) Select Scan Screen
3) Select the Reader
4) Press the Connect button
5) Now, switch on the token and place it on the reader.
The tool will read out the token's serial number and time, and display them:
4 - User 1 can now press the button on the SafeID token tol generate a code
5 - Enter the token code in the registration page, in the "Enter token code that the application generates" box
6 - Click on Sign In. On successful authentication with that token code, User1 will be taken to his/her home page.