OneLogin supports both VeriSign VIP Access and Yubico's YubiKey for one-time password generation. These solutions fall the "something you have" category, which means that if you successfully authenticate, the authenticating party knows that the user has the key in their possession. This significantly reduces the chances of someone else hacking into that user's account.
Enabling OTPIn order to use OTP with OneLogin, one of your account's admins has to turn it on. This is done under Security -> OTP.
OneLogin lets you use VIP Access and YubiKey at the same time, which is an advantage if you have different users with different needs. For example, someone who works from an office all day maybe prefer YubiKey because of its easy-of-use while someone who travels may prefer VIP Access because always it's in their phone.
OTP can be required for all administrators only, all users or select users.
Registering OTP Devices
Configuring usersOnce OTP is enabled for, you will be able to register the device on the individual users as shown below. Go to People -> Users and select a user. This is also where you deregister OTP devices.
To register a YubiKey, insert the key in the USB port and press the button. This will insert a 30 long string in the field of which the first 12 will be stored on the user. These 12 character uniquely identify the key and are now tied to this user.
To register VIP Access, enter the Credential ID shown in the mobile application.
Make sure you that you register your own key before you log out, or you will not be able to log in again.
When is OTP Required?Use the required setting to enforce whether users have to use OTP at every login or just when they log in from an unknown or expired browser.
Logging inOnce OTP has been turned all, all users will see a login page as shown below. Once Email and Password have been entered, a YubiKey or VIP Access field will appear.