How to obtain the seeds for your OTP tokens

This guide explains how you can obtain the seeds (secret keys) for your OTP tokens. In most cases you will need to import the seeds file into your 2FA/MFA platform before you can assign tokens to users for them to authenticate with.

PROGRAMMABLE OTP TOKENS: If you have programmable OTP tokens then you might not need the seeds file containing the factory-programmed seeds. If you are programming the tokens using our Windows software then a seeds file will be generated by the software containing the newly programmed seeds. This is the file you will need to import into your MFA platform.

What are OTP seeds?

OTP tokens have a secret key burnt into them at production time. This value is called the "seed" and is known only to the token and the validating 2FA/MFA server. You obtain the seeds for your tokens in a file we call a "seeds file". The seeds file lists each token serial number and it's corresponding seed. Importing the seeds file into your 2FA/MFA platform informs it of these tokens and then you can assign them to users for them to authenticate with.

How do I get the seeds for my tokens?

Login to your Microcosm account
Decide whether the seeds should be sent to the same person for for every order or if you want to specify a different recipient each time you order.

For most customers the best option is to have the seeds sent to the person (or persons) in your organisation responsible for adding the tokens to your MFA platform and issuing them to users (eg, your IT Admins). On future orders the seeds will automatically be sent to that person without you needing to do anything.

However, if you are a reseller for example, you might want to control who the seeds are sent to for each order (eg, the sales person in your company or your customer). In this case you should choose to specify settings on a "per order" basis. This means that when the order is shipped you will get an email prompting you to go to the order system and configure the settings for that order. Only then will the seeds be issued.
If you choose to configure default seed settings then you can configure the format, security method and recipient on your main account page, then click Update Details.

If you want to configure settings on a per-order basis then choose that option on your account page and click Update Details. You can now click the icon on a shipped order in the Previous Orders list at the bottom of your account page. Click the icon to go to the page where you can configure the format, security method and recipient for this order.