This topic describes registering and viewing Offline Token in an External application using Kron PAM.

Currently, users can view Offline Token in the Kron PAM mobile application. However, some customers request to view Offline Token in their own apps.

 Kron PAM server and mobile application use TOTP (Time-Based One-Time Password Algorithm) to create and view one-time tokens. The IETF RFC number is RFC 6238. See the RFC document for development on the mobile side.

 Kron PAM creates the QR codes according to the ISO/IEC 18004:2015 standards. 

As such, you can either write the QR Code and TOTP algorithms according to these standards or use any third-party libraries supporting these standards.

Kron PAM uses the following TOTP parameters:

When decoding the QR code, a key string is acquired. It is a 36-character key. You discard the first four characters and use the last 32 digits.

Developing an offline token mechanism on a mobile application

There are two main functions under this subject:


The customers need to design a QR code scanning feature on their own mobile apps. This feature should be compatible with Standard 2, which is explained above. When the QR code is scanned by the mobile app, the output string should be seen below:


'otpauth://totp/Single%20Connect%20Radius%20Account%3Aadmin%40kron.com.tr?secret=47HY4SRA V74Z72H07BQY53GDNJCLQDWSJUJV&issuer=Single%20Connect%20Radius%20Account&algorithmzSHA1'

Then the mobile app should use and record this secret key into the mobile device.

b. Generating an offline token using the pre-registered QR code

The customers need to design an offline token generation feature on their own mobile apps. This feature should be compatible with Standard 1, which is explained above. This feature should use the recorded secret key while generating the offline token with PAM OTP parameters.

Kron PAM Admin sends QR Codes to the Users via email from the Kron PAM menu.

Users scan the QR Codes on the Customer Mobile App QR Code Registration screen. Mobile Device records the QR Codes.

Customer Mobile User generates offline token on Customer Mobile Application.

Customer Mobile User uses the offline token in the required business flows on Kron PAM.

In some cases, the Mobile Application User has to register the QR codes again. When the user uses a new mobile device or loses the recorded secret key on the mobile device (during the mobile app updates), the user must re-register the QR codes. If the Mobile User has the previous email that includes the QR Code, the Mobile User can use this code. Otherwise, Kron PAM Admin may send a new email to the Mobile User.

Learn how to register and view Offline Tokens in an external application using Kron PAM. Discover the standards and parameters employed for generating and viewing one-time tokens. Develop a QR code scanning feature and an offline token generation feature 

Configuring UCMDB Credentials

Use One Time Password (OTP) in External Apps

Agent Cache Mechanism

AAPM Agent Screen

AAPM Agent Installation in Linux Environments

AAPM Agent Installation in Windows Environments

Agent Installation in Operation Systems

Add Account

Add Application Token

Kron PAM Password Vault

Using Java SDK

Using .Net SDK

Using PHP SDK

Using Python SDK

Using AAPM Agent SDKs

Adding the Agent Helm Repository

Create AAPM Agent Pod