Thursday, October 27, 2022

How to Enable, or Disable, TOTP for HCL Traveler and Verse

After a discussion with fellow HCL Ambassador David Hablewitz, I realized I did not fully explain the HCL Traveler/Verse (I will just refer to it as Verse) and TOTP issue in my blog post the other day.

I intended to explain the pros and cons of using TOTP and Verse, but I neglected to explain how to enable or disable TOTP and what you do if you have one server or separate servers.

The how-to is what this post is about.

It is pretty easy to do in a proper environment where Verse sits on its own server.

You probably see something similar to this in your Internet Sites for the Verse server (ignore the 404 error page I was testing):

If you double-click on the head item on the Web Site, you will see where you turn TOTP on or off. I am presuming you have set TOTP up already. The option is there because of the names.ntf template changes in R12 and R12.0.1.

If you don't want TOTP, change the selected option to "Yes" instead of "Yes with TOTP."

Simple, right? 

What if you are a smaller organization that relies on one Domino server to do anything and everything? What if you don't want Verse to have TOTP, but access to applications, or mail, should have TOTP?

My suggestion from a security perspective is to create a new URL for Verse. It is easier, under R12, for you to create a unique URL for your domain and get a Let's Encrypt SSL certificate for it for free.

Sidenote: I understand that you could leave it set up as it is above and turn TOTP off for the default website. You may do this because you don't want to field tons of help desk calls from users who can't change a URL, but this route would leave your whole server in a less secure mode.

Decide on the new URL and set it up in your internal and outside DNS.

Create the new Internet Site document for the unique domain. It may look something like this:

Don't forget to edit your Traveler URL section of the server document to accommodate this change.

And now you can restart HTTP and Traveler. Once the outside DNS changes go into effect, you should get prompted for TOTP at your domain, but not with Verse. So I suggest you set it up, wait till the external side works, and then cut over internally.

You will need to create all the docs, so it looks like this:

And users may have to reinstall Verse to change the URL.

Once set up, you can turn on TOTP for Verse down the road if you wish. This also lets you move the Verse server more easily in the future because it is no longer tied to your server, just the URL.
