This week, I have a little free time of my own and am able to continue my exploration with OpenAM. I know that HOTP (HMAC-based One Time Password) and OATH (Open Authentication) features are available in OpenAM 10.1-Xpress.
These 2 features are what customers have always been looking for, especially the financial institutions. It's great that the features are now supported out-of-the-box!
So, I went ahead to implement these new features into our existing OpenAM infrastructure.
All staff has to key in their user name and password first.
Subsequently, they will be challenged again for 2FA. 2 choices are given - HOTP which will fire an email with the OTP code; OATH where staff is to configure Goggle Authenticator on his/her mobile device.
It works like a charm!