Quickstart
A step-by-step guide on how to quickly get started with OTP Guard.
Last updated
A step-by-step guide on how to quickly get started with OTP Guard.
Last updated
Use to install the OTP Guard application for Github. The screen should look similar to the following, but your account name and organization details may differ:
Access can be granted to only selected repositories, or all of them. This can be changed anytime.
The permissions that OTP Guard requires are extremely limited: it can only read repository metadata (Github makes this permission mandatory), organizational members (so OTP Guard knows who can actually access the app), and pull requests.
Note that OTP Guard can only read PR metadata (authors, PR descriptions, commit messages, etc) but not the actual code itself, nor can OTP Guard see the contents of PR reviews.
Click on the "Details" of the status check to drill down, and "Resolve" to authorize the PR on the OTP Guard website.
You will have a separate set of authenticators for every Github organization that you are a member of, so that authenticators can be managed independently by organization administrators.
Once an authenticator has been registered, the PR authorization process is straightforward. For a platform authenticator or security key, simply click 'Authorize' and follow the prompts. For a TOTP, enter the six-digit code and submit.
OTP Guard also needs read-write access to - the thing that gives a green and red checkmarks for PR status checks.
A Github will be created for the PR. For the best security coverage, set up on Github so that the PR can't be merged until after someone review and approves it.
When authorizing a pull request for the first time, OTP Guard will prompt you to set up an authenticator. For more information on the types of authenticators OTP Guard support, please see page.