Setting up Google authentication (GAuth)

The Google Authentication Scheme is a two-factor authentication mechanism that requires the user to enter their password as well as a single-use token when logging in to a station. This protects a user’s account even if their password is compromised. This authentication scheme relies on TOTP (Time-based One Time Password), which cannot be reused, and the Google Authenticator app on the user’s mobile device to generate and verify single-use authentication tokens. Google authentication is time based, so there is no dependency on network communication between the user’s mobile device, the station, or external servers. Since the authenticator is time based, the time in the station and time in the phone must stay relatively in sync. The app provides a buffer of plus or minus 1.5 minutes to account for clock skew.

  • The user’s mobile phone requires the Google Authentication app.

  • You are working in Workbench.

  • The user exists in the station database.

  1. Open the gauth palette and add the GoogleAuthenticationScheme to the Services > AuthenticationService > AuthenticationSchemes node in the Nav tree.
  2. Right-click UserService, and double-click the user in the table.
    The Edit view for the user opens.
  3. Configure the Authentication Scheme Name as needed and click Save.
  4. Under Authenticator, click the button next to Secret Key.
    The Set Up Authenticator window opens.
  5. Scan the displayed bar code with your Google Authenticator app, follow the steps in the app, and click OK.


    The Confirm Token window opens.
  6. In the Confirm Token entry field, enter the 6-digit token displayed in the Google Authenticator app, and click OK.


    Note: The OTP (One-Time Password) code cannot be reused with Gauth. Ensure that you use a newly generated OTP code for the initial login.
  7. To complete the configuration, click Save.
    Depending the view you are using, you may have to open the user again or refresh after saving.