TOTP Seed Upload

This is a Beta feature. To see about participating in this Beta program, please refer to the Beta Programs page.


With this feature, you can upload seeds to Okta via the API and have Okta authenticate the TOTP generated by any source. For example, use an existing hard token solution such as RSA SecureID to generate the OTP and Okta will authenticate the end user.

Important Notes about this Beta Release

Using this feature

Use the API to enroll for Google Authenticator with the following fields to the request (added below in blue) to upload the seed:

curl ­v ­X POST \
­H "Accept: application/json" \
-H "Content­Type: application/json" \
­H "Authorization: SSWS ${api_token}" \
­d '{
"factorType": "token:software:totp",
"provider": "GOOGLE",
"profile": {
"timeStep": 30,
"sharedSecret": "ABCDEFGHIJKLMNOP",
"encoding": "base32",
"keyLength": 16

The seed can be used in any device that is capable of creating a TOTP such as RSA. If you have a .CSV file of seeds mapped to users, you can loop through this file and upload the given seed for that user.