When you purchase TOTP hardware tokens, they will arrive with seed data pre-programmed in to the token.
Before tokens are used with MFA services (such as Microsoft Entra), you will need to obtain the seed data (procedure below);
You will receive the seed data in a CSV file. Search for the Secret Key that matches the serial number of the token you are testing (Azure example below);
Once you have the identified the secret key for your token you will be ready to test the OTP codes that it produces using our OATH TOTP Token Generator
How to generate OTP codes using our online Oath TOTP Token Generator
First navigate to https://support.deepnetsecurity.com/tools/otp/totp.asp
- At "Secret Key", fill in the secret key (seed) data that matches the serial number of the token you are testing
- At "Secret Encoding Format", select the format that matches the format in your CSV file (for azure this will be Base32)
- At "OTP Length", select "6 digits"
- At "Hash Algorithm", select "SHA-1"
- At "Time Interval", select either "30 seconds" or "60 seconds" (this will depend upon use - e.g. for Azure you will be using 60 second intervals, but if you are emulating an authentication app you will probably need this set to 30 seconds).
When you have supplied all the details above click 
, and OTP codes will now start to be generated using the supplied seed data;
If at this point the code generated do not appear to match the codes generated on the token (the one with the matching serial number), then you should first check that the parameters supplied on this page match those in your seed data file.
If after double checking the parameters the generated OTP code still does not match then you may want to check the physical token for time drift using our CHECK CLOCK DRIFT tool.