OTP Guard
  • 🏡Documentation
  • 🏁Quickstart
  • 🎈Authenticator Types
  • 🖼️Security Images
  • 🎣Phishing Resistance
  • 🔐Github Security Best Practices
  • 👟Step Up Authentication
Powered by GitBook
On this page

Quickstart

A step-by-step guide on how to quickly get started with OTP Guard.

PreviousDocumentationNextAuthenticator Types

Last updated 11 months ago

1. Install the OTP Guard application for Github

Use this link to install the OTP Guard application for Github. The screen should look similar to the following, but your account name and organization details may differ:

2. Grant OTP Guard access to organization repositories

Access can be granted to only selected repositories, or all of them. This can be changed anytime.

The permissions that OTP Guard requires are extremely limited: it can only read repository metadata (Github makes this permission mandatory), organizational members (so OTP Guard knows who can actually access the app), and pull requests.

Note that OTP Guard can only read PR metadata (authors, PR descriptions, commit messages, etc) but not the actual code itself, nor can OTP Guard see the contents of PR reviews.

OTP Guard also needs read-write access to checks - the thing that gives a green and red checkmarks for PR status checks.

3. Make a pull request in a repository protected by OTP Guard

A Github check will be created for the PR. For the best security coverage, set up branch protection rules on Github so that the PR can't be merged until after someone review and approves it.

4. Authorize the pull request with OTP Guard

Click on the "Details" of the status check to drill down, and "Resolve" to authorize the PR on the OTP Guard website.

5. Register your first authenticator

When authorizing a pull request for the first time, OTP Guard will prompt you to set up an authenticator. For more information on the types of authenticators OTP Guard support, please see Authenticator Types page.

You will have a separate set of authenticators for every Github organization that you are a member of, so that authenticators can be managed independently by organization administrators.

6. Finish authorizing the pull request

Once an authenticator has been registered, the PR authorization process is straightforward. For a platform authenticator or security key, simply click 'Authorize' and follow the prompts. For a TOTP, enter the six-digit code and submit.

🏁
OTP Guard installer on Github
Grant OTP Guard access to organization repositories
Check request for OTP Guard
Click 'resolve' to authorize the PR with OTP Guard
Registering an authenticator with OTP Guard for the first time
Authorizing a pull request with OTP Guard
Screenshot of the OTP Guard application installer on Github, with a list of accounts to grant permissions to - either the `josh-transfix` user or the Transfix AI organization
Screenshot of the repository permission screen on Github for OTP Guard. This shows the permissions that OTP Guard requires (read access to organization members, PRs and repository metadata), and read/write access to PR checks.
Screenshot of a Github status indicator for a PR in a repository which has OTP Guard installed on it.
Drill-down on the status indicator showing how to click through to visit OTP Guard on the 'Resolve' button.
Authenticator registration screen on OTP Guard. This lists the authenticators available to choose from - TOTP, platform (WebAuthN) or security key authenticators.
Screenshot of the PR authorization screen in OTP Guard, for a test repository.