Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
OATH time-based one-time password (TOTP) is an open standard that specifies how one-time password (OTP) codes are generated. OATH TOTP can be implemented using software to generate the codes. Microsoft Entra ID doesn't support OATH HOTP, a different code generation standard.
Software OATH tokens
Software OATH tokens are typically applications such as the Microsoft Authenticator app and other authenticator apps. Microsoft Entra ID generates the secret key, or seed, that's input into the app and used to generate each OTP.
The Authenticator app automatically generates codes when set up to do push notifications so a user has a backup even if their device doesn't have connectivity. Third-party applications that use OATH TOTP to generate codes can also be used.
OATH token icons
Users can add and manage OATH tokens at Security info, or they can select Security info from My account.
| Token registration type | Icon |
|---|---|
| OATH software token |  |
Related content
Learn more about how to manage OATH tokens. Learn about FIDO2 security key providers that are compatible with passwordless authentication.