Use this link to install the OTP Guard application for GitHub. The screen should look similar to the following, but your account name and organization details may differ:
OTP Guard installer on GitHub
2. Grant OTP Guard access to organization repositories
Access can be granted to selected repositories only, or to all of them. This can be changed at any time.
Grant OTP Guard access to organization repositories
The permissions that OTP Guard requires are extremely limited: it can only read repository metadata (GitHub makes this permission mandatory), organization members (so OTP Guard knows who can actually access the app), and pull requests.
Note that OTP Guard can only read PR metadata (authors, PR descriptions, commit messages, etc.) but not the actual code itself, nor can OTP Guard see the contents of PR reviews.
OTP Guard also needs read-write access to checks, the mechanism that shows the green and red checkmarks for PR status checks.
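To confirm that an installation holds only the permissions listed above, an administrator can compare the installation object returned by GitHub's REST API (`GET /orgs/{org}/installations`) against that list. The following is an added example, not OTP Guard's own code; the `app_slug` value and the sample installation objects are constructed for illustration.

```python
import json

# Permissions this page documents for OTP Guard, as GitHub App permission keys.
DOCUMENTED = {"metadata": "read", "members": "read",
              "pull_requests": "read", "checks": "write"}
LEVEL = {"read": 1, "write": 2, "admin": 3}

def audit_installation(inst, documented=DOCUMENTED):
    """Return findings for one installation object from the GitHub REST API."""
    findings = []
    granted = inst.get("permissions", {})
    for perm, level in sorted(granted.items()):
        allowed = documented.get(perm)
        if allowed is None:
            findings.append(f"unexpected permission: {perm}={level}")
        elif LEVEL.get(level, 99) > LEVEL[allowed]:
            findings.append(f"excess access: {perm}={level} (documented: {allowed})")
    for perm in sorted(set(documented) - set(granted)):
        findings.append(f"documented permission not granted: {perm}")
    if inst.get("repository_selection") == "all":
        findings.append("installed on all repositories; confirm this is intended")
    return findings

# Constructed sample shaped like a GET /orgs/{org}/installations response.
# "otp-guard-example" is a placeholder slug, not the app's real identifier.
SAMPLE = json.loads("""
{"total_count": 2, "installations": [
  {"id": 1, "app_slug": "otp-guard-example", "repository_selection": "selected",
   "permissions": {"metadata": "read", "members": "read",
                   "pull_requests": "read", "checks": "write"}},
  {"id": 2, "app_slug": "otp-guard-example", "repository_selection": "all",
   "permissions": {"metadata": "read", "members": "read", "contents": "read",
                   "pull_requests": "write", "checks": "write"}}
]}
""")

def audit_response(response, app_slug):
    """Map installation id -> findings for every installation of app_slug."""
    return {inst["id"]: audit_installation(inst)
            for inst in response["installations"]
            if inst.get("app_slug") == app_slug}

if __name__ == "__main__":
    for inst_id, findings in audit_response(SAMPLE, "otp-guard-example").items():
        print(inst_id, findings or "matches documented permissions")
```

An empty findings list means the grant matches the documented set; a `contents` entry would indicate access to code, which this page says the app does not have.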
3. Make a pull request in a repository protected by OTP Guard
A GitHub check will be created for the PR. For the best security coverage, set up branch protection rules on GitHub so that the PR can't be merged until after someone reviews and approves it.
Check request for OTP Guard
4. Authorize the pull request with OTP Guard
Click "Details" on the status check to drill down, then click "Resolve" to authorize the PR on the OTP Guard website.
Click 'resolve' to authorize the PR with OTP Guard
5. Register your first authenticator
When authorizing a pull request for the first time, OTP Guard will prompt you to set up an authenticator. For more information on the types of authenticators OTP Guard supports, please see the Authenticator Types page.
Registering an authenticator with OTP Guard for the first time
You will have a separate set of authenticators for every GitHub organization that you are a member of, so that authenticators can be managed independently by organization administrators.
6. Finish authorizing the pull request
Once an authenticator has been registered, the PR authorization process is straightforward. For a platform authenticator or security key, simply click 'Authorize' and follow the prompts. For a TOTP, enter the six-digit code and submit.