Setting up TOTP Two-Factor Authentication with an Authenticator App

Time-based One-Time Password (TOTP) authentication uses a 6-digit security code generated on your phone by an authenticator app (such as Microsoft Authenticator or Google Authenticator). The code changes every 60 seconds and is used in addition to your username and password when logging in.

This article explains how to set up TOTP 2FA in SIX ERP using the MFA Management screen and a compatible authenticator app.

1. Prerequisites

Before you start, make sure you have:

• A smartphone or device you will use as your second factor.

• An installed authenticator app, for example:

  • Microsoft Authenticator

  • Google Authenticator

  • Or another TOTP-compatible authenticator

2. Open MFA Management in SIX ERP

1. Log in to SIX ERP with your username and password.

2. In your personal menu, find and click the MFA menu item.

3. In the MFA section, click MFA Management.

You will now see a list of available MFA methods for your account (including the TOTP/Authenticator method).

3. Enable the Authenticator App method

On the MFA Management screen:

1. Locate the MFA method corresponding to your Authenticator App (e.g. “Google Authenticator”, “Authenticator App”, or similar label).

2. Next to this method, you will see a small slider (toggle) to enable or disable it.

3. Click the slider to enable the method.

The method is now active in configuration, and you can proceed with pairing your authenticator app via QR code.

4. Prepare your Authenticator App on your phone

On your phone:

1. Open your installed Authenticator App (e.g. Microsoft Authenticator or Google Authenticator).

2. Look for an option such as:

   • “Add account”

   • “Add” / “+”

   • “Scan QR code” or “Scan a QR Code”

Do not proceed with manual code entry unless specifically instructed; the recommended way is to scan the QR code.

5. Display and scan the QR Code in SIX ERP

Back in SIX ERP, on the MFA Management screen for the Authenticator method:

1. Click on the QR code icon next to the Authenticator method.
   This will open or display a QR Code on your screen.

2. On your phone, in the authenticator app, choose “Scan QR Code”.

3. Point your phone’s camera at the QR Code displayed in SIX ERP.

   

4. Wait until the app confirms the account has been added.

As soon as the pairing is successful, the authenticator app should start showing 6-digit security codes for your SIX ERP account.

6. Confirm codes are generated in your Authenticator App

Once the QR Code has been scanned successfully:

• Your authenticator app should display:

  • A 6-digit security code for your SIX ERP account.

  • A timer/indicator showing how long the code remains valid (e.g. a countdown bar or seconds).

These codes automatically rotate every 60 seconds.

If you do not see a code (or see an error):

• Verify you scanned the correct QR Code in SIX ERP.

• Try removing the entry and scanning the QR Code again.

• Make sure your phone’s date and time are set automatically, as incorrect time can break TOTP codes.

7. Save TOTP configuration in SIX ERP

To finalize and actually enable Authenticator-based logins:

1. Return to the MFA Management screen in SIX ERP.

2. Make sure:

   • The Authenticator method slider is still enabled (ON).

   • You have successfully added the account in your authenticator app.

3. Click SAVE in SIX ERP to store your changes.

If you forget to click SAVE, the configuration might not be applied, and you may not be prompted for Authenticator codes at the next login.

8. Logging in with your Authenticator App

After you have enabled and saved TOTP in MFA Management:

1. On your next login to SIX ERP:

   • Enter your username and password as usual.

2. If credentials are correct and TOTP is enabled, SIX ERP will show a Two-Factor Authentication screen asking for a 6-digit code.

3. Open your Authenticator App on your phone.

4. Find the code for your SIX ERP account.

5. Enter the current 6-digit security code into the field in SIX ERP.

6. Submit/confirm the code to complete login.

If the code is valid and entered in time, you will be logged in successfully.

9. Timing and code expiration (very important)

TOTP codes are time-based and only valid for a short period (normally 60 seconds). There are two different timers involved:

1. Timer in the Authenticator App (on your phone)

   • Shows how long the current 6-digit code remains valid.

   • When it reaches 0, a new code is generated.

   • This timer determines whether the code is still valid.

2. Timer on the SIX ERP screen

   • You may see a timer counting down from 60 to 1 on the login/2FA screen.

   • This is a session-related timer (how long the system will wait for a code).

   • It has nothing to do with the timer in the authenticator app.

What happens if you’re too slow?

• Once you initiate a login, you only have a limited time (e.g. 60 seconds) to enter a valid code.

• If:

  • You enter a code after it expired, or

  • You run out of time on the SIX ERP 2FA screen,

• Then the session will reset, and you will need to:

  1. Login again with username and password.

  2. Re-enter a fresh 6-digit code from your authenticator app.

10. If you lose your phone or Authenticator access

If you:

• Lose your phone,

• Replace your device,

• Or uninstall the authenticator app without copying the account,

you will no longer be able to generate TOTP codes and therefore cannot log in using the Authenticator method.

In that case:

• Contact your administrator or support team.

• They can:

  • Disable TOTP for your account temporarily, or

  • Enable another 2FA method (e.g. Email 2FA, WhatsApp/Viber if available), or

  • Help you re-register a new authenticator app/device.

See also:

Two-Factor Authentication in SIX ERP
Security in SIX ERP
Setting up email two-factor authentication
Setting up two-factor authentication with WhatsApp
Troubleshooting two-factor authentication
Best Practices for maintaining secure connections to your ERP