# 2FA with TOTP

Keeper Connection Manager provides support for TOTP as a second authentication factor, verifying the identities of enrolled users using authentication codes generated with the TOTP standard.

### Docker Environmental Variables

To enable TOTP add the following lines to the "environment" section of the "guacamole" service in the `docker-compose.yml` file. Only the `EXTENSIONS: totp` line is required, the rest are optional.

```
TOTP_ISSUER: "KCM"
TOTP_DIGITS: "6"
TOTP_PERIOD: "30"
TOTP_MODE: "sha1"
EXTENSIONS: "totp"
```

For example:

```
        environment:
            ACCEPT_EULA: "Y"
            GUACD_HOSTNAME: "guacd"
            MYSQL_HOSTNAME: "db"
            MYSQL_DATABASE: "guacamole_db"
            MYSQL_USERNAME: "guacamole_user"
            MYSQL_PASSWORD: "XXXXXXXXX"
            KSM_CONFIG: ""
            TOTP_ISSUER: "KCM"
            TOTP_DIGITS: "6"
            TOTP_PERIOD: "30"
            TOTP_MODE: "sha1"
            EXTENSIONS: "totp"
```

The image `keeper/guacamole` can be modified to support TOTP using environmental variables. See the TOTP\_\* variables defined in the [documentation](/keeper-connection-manager/installation/docker-compose-install/keeper-guacamole.md).

### TOTP with SAML / OIDC

Keeper Connection Manager supports the use of 2FA with TOTP in addition to supporting SAML or OIDC authentication. If TOTP is configured along with SAML, the user will be prompted for 2FA after successfully authenticating with the identity provider.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeper-connection-manager/authentication/using-totp-for-multi-factor-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.