Using Token2 programmable hardware tokens with ZeroTier

ZeroTier combines the capabilities of VPN and SD-WAN, simplifying network management. It is an encrypted virtual network backbone,
allowing multiple machines to communicate as if they were on a single network.The code is all open source, and you can self-host
the controller or use the ZeroTierOne service with either free or paid plans.
ZeroTier supports two MFA methods: an authenticator application (mobile app like Google Authenticator) and Security key.
The guide below will show you the steps for enabling MFA using our programmable tokens (as a replacement for authenticator application).

Requirements:

• A ZeroTier account
• Any of the Token2 TOTP programmable tokens
• An app for provisioning the programmable tokens (NFC burner or USB Config tool, depending on the model). The list of compatible apps is available here.

Step 1. Enable the 2FA method

1. Log into your ZeroTier account and click 'Account' then 'Authentication/Manage Account'. Then click 'Signing in'.



2. Click 'Set up authenticator application' next to 'authenticator application'.



3. A QR code will be displayed in the browser that you will scan using one of the provisioning tools in the next step.



Step 2. Provision the token




  • Launch the NFC burner app on your Android device and hit the "QR" button



  • Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear
  • Turn on the token and touch it with your phone (make sure it is overlapped by the NFC antenna) and click "Connect" on the app
  • Upon successful connection, click the "Burn seed" button (the button will become active only if NFC link is established).



  • A message box similar to the one below will be shown upon successful completion

Follow the steps below to perform setting the seed for your token using Windows App.

1. Launch the exe file, then select the NFC device from the drop-down list and click on "Connect". You should see a message box notifying about a successful operation.

Token2 NFC Burner app for Windows


2. Enter or paste the seed in base32 format, or use one of the QR scanning methods to populate this field

3. Place the token onto the NFC module and wait for its serial number to appear

Token2 NFC Burner app for Windows

4. Click on "Burn seed" button. A log entry with the serial number and "Successful operation" text will be logged in the log window.

Token2 NFC Burner app for Windows


  • Launch the NFC burner app on your iPhone device and hit the "scan QR" button



  • Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear and the seed field will be populated with the hex value of the seed. Touch the Burn button to continue.
  • When an NFC prompt similar to the one below is shownm, turn on the token and touch the top of your iPhone with the token.


  • A message box similar to the one below will be shown upon successful completion

Please note that the procedures above are shown only as examples and are valid to single profile TOTP tokens only. The procedure for multi-profile and USB-programmable devices are similar but slightly different

Step 3. Verify the OTP

After the token provisioning is done, turn the token off and back on. Enter the OTP provided by the hardware token and click 'Submit'. Provide a Device name to help manage OTP devices.
Now you have successfully enabled Token2 programmable token to protect your account. You will be prompted to enter the OTP each time you log in to your ZeroTier account.