Olympus Documentation What is Olympus Architecture Repo Map License Glossary

Athena API Authentication Athena API Errors Athena API Pagination Athena Settings API SDK Settings API

Environment variables

MFA methods TOTP WebAuthn Backup codes Email/SMS code Step-up auth

ReferenceMFA methods

TOTP

6-digit codes generated by an authenticator app (Google Authenticator, 1Password, Authy).

Time-based One-Time Password

Spec: RFC 6238

Provides AAL: AAL2

Summary

6-digit codes generated by an authenticator app (Google Authenticator, 1Password, Authy).

Strengths

Wide app support
Offline (no network needed for codes)
Standard

Weaknesses

Phishable (user can be tricked into typing the code on a phishing site)
Time-window sensitive (clock skew can cause failures)

Enrollment

User scans a QR code or enters the secret manually.

Recovery

If user loses the device, recovery codes (lookup_secret) or password reset are the fallbacks.

Related

Identity, TOTP and WebAuthn
Identity, MFA policy
Identity, Sessions, AAL, refresh

MFA methods

Multi-factor authentication methods supported by Olympus

WebAuthn

Cryptographic challenge-response with hardware (YubiKey, Touch ID) or passkeys.

On this page

Time-based One-Time Password Summary Strengths Weaknesses Enrollment Recovery Related