To enable TOTP authentication, the following settings are required. ### Enable the SecondaryAuthentication parameter in Security.json [Set Parameter: Security.json](/manual/security-json) ``` "SecondaryAuthentication": { "Mode": "DefaultEnable", "NotificationType": "Totp", "CountTolerances": 1, "NotificationMailBcc": false, "AuthenticationCodeCharacterType": "Number", "AuthenticationCodeLength": 8, "AuthenticationCodeExpirationPeriod": 300 }, ``` ### Install an application that supports TOTP authentication on the authentication device Install an authentication app that supports TOTP authentication, such as Google Authenticator or Microsoft Authenticator, on your smartphone or other device for authentication. This setting must be implemented for each user who logs into the Pleasanter. # Login Process 1. If TOTP authentication is enabled, you will be taken to the confirmation code input screen after entering your regular ID/password. 2. A QR code will be displayed below When you log in for the first time.  3. After the second time, only the confirmation code entry field will be displayed. ## (First time only) Scan the QR code with the authentication app. Scan the displayed QR code with the authentication app. The following screen will appear in the authentication app. ``` ---------------------- Implem Pleasanter (Service name (fixed value)) hayato@implem.co.jp (Login ID) 012 345 (Verification code) ---------------------- ``` * The above content is a display image. The displayed content may differ depending on the authentication app. ## Enter the verification code Enter the verification code displayed in the authentication app on the login screen of Pleasanter and click the "Verify" button. If there are no problems, you will be logged in. #### About the verification code - ・The verification code is updated every 30 seconds. If it is updated, please re-enter the new code. - ・By adjusting the CountTolerances of the SecondaryAuthentication parameter in "「Set Parameter: Security.json」", you can log in even with an old confirmation code for the specified number of times. For example, if you set "CountTolerances" to "2", you can log in with both the currently displayed password and the previous password. The default setting is "1", in which case only the most recent password is valid. #### Switch to email authentication If you do not have a device that supports TOTP, you can switch to [two-step authentication by email](secondary-authentication). Click the "Authenticate by email" link below the verification code input field. The screen will switch to the verification code input field for [two-step authentication by email](secondary-authentication), so enter the verification code sent to the user's email address. ## Disconnect from the app To disconnect from the authentication app, follow the steps below. 1. Open the details screen of the user you want to disconnect in the "「User Management Function」". 2. Users logged in with TOTP authentication have "Private Key Enabled" checked. Remove this check and update the user.  3. The information registered in the authentication app will now be invalidated, and you will no longer be able to log in with the verification code. 4. If you try to log in again to Pleasanter, the QR code will appear again on the verification code entry screen. To log in, use this QR code to connect with the authentication application again.