If an end-user is associated in a realm that has a secondary authentication server configured as TOTP authentication server, then at the first time login, the user will be asked to perform the following steps.
0 - Initial login page .... username + password ....
1 - After successful verification of the user's password, the user is shown the TOTP registration page below:
2 - A TOTP registration key in text form and QR code is displayed on the screen, as well as 10 backup codes. The user can save those 10 backup codes in a safe place for using it later during authentication when a token is not available
3 - Now, the user should launche the SafeID/Diamond programming tool
1) Click Scan QR Code
2) Select Scan Screen
3) Select the Reader
4) Press the Connect button
5) Now, switch on a SafeID token and place it on the reader.
The tool will read out the token's serial number and time, and display them:
4 - The user can now press the button on the SafeID token to generate a code
5 - Enter the token code in the registration page, in the "Enter token code that the application generates" box
6 - Click on Sign In. On successful authentication with that token code, the user will be taken to his/her home page.