General ConfigurationLast updated: 20 January 2026
This section covers Control Panel configuration for JCOGS OTP Pro: global settings, role enforcement, delivery providers, payloads, and audit logging.
Where to find these elements in the JCOGS OTP Pro Control Panel
- Settings (global + roles):
Add-ons → JCOGS OTP Pro - Role Requirements:
Add-ons → JCOGS OTP Pro → Role Requirements - Providers:
Add-ons → JCOGS OTP Pro → Providers - Payloads:
Add-ons → JCOGS OTP Pro → Payloads - Audit Logs:
Add-ons → JCOGS OTP Pro → Audit Logs
What each section covers
- System Settings: master enable/disable, defaults, and security limits (attempts/lockout, backup codes, trusted devices).
- Role Requirements: whether OTP is required/optional/disabled per role, plus delivery channel allowlists/defaults (including multi-role “most restrictive” resolution).
- Delivery Providers: transports that can send a payload (for example Email), plus enable/disable and provider testing.
- Payloads: what is delivered (for example Code, Magic Link) and how payloads can be extended by companion add-ons.
- Audit Logging: the security event log, retention intent, and export.
System Settings
This panel holds settings that control whether JCOGS OTP Pro is enabled, its default behaviours, and its basic security limits. These settings are managed in the OTP Pro Control Panel.
Enable OTP System
Master switch for JCOGS OTP Pro. When disabled, OTP enforcement and delivery are turned off.
Default Delivery Channel
Specify the fallback channel to be used when a member has no configured channel and no role policy provides a default.
- authenticator requires no delivery.
- email:code sends a code by email (if the Email provider is available and enabled).
Maximum Validation Attempts
Limits repeated incorrect submissions. After this many failed OTP validations, the member is locked out for the configured lockout duration.
Lockout Duration
How long a member must wait after exceeding attempts.
The value is stored in seconds (for example 900 = 15 minutes).
Security Settings
Require OTP for SuperAdmins
When enabled, the SuperAdmin role is forced to Required regardless of the role table selection.
Remember Device Duration
Controls how long “trusted device” logins remain valid before OTP is required again.
Backup Codes
Enables backup codes as an alternative verification method if a member cannot access their normal delivery channel.
Backup Codes Count
The number of backup codes generated when a member creates a new set.
Sample Templates
OTP Pro includes optional sample templates and assets to help you get started quickly. The Control Panel can install a template group and copy CSS/JS assets into your chosen theme path.
Role Requirements
OTP Pro can enforce OTP setup for specific member roles. Role requirements are configured in the Control Panel role table.
Required / Optional / Not Required
- Not Required: OTP is disabled for the role.
- Optional: Members may enable OTP, but it is not enforced.
- Required: Members must configure OTP (after any grace period).
Grace Period
A grace period allows members time to configure OTP before enforcement begins. Grace period is configured in days.
Allowed Delivery Channels
You can restrict which delivery channels a role is allowed to use. If you specify allowed channels, members in that role cannot select delivery channels outside the list.
Default Delivery Channel (per role)
When set, this overrides the global default delivery channel for members in that role. If left blank, the global default delivery channel is used.
Usage Notes
When a member has multiple roles, OTP Pro applies the “most restrictive” policy (the most onerous combination). This affects both whether OTP is required and which delivery channels are allowed.
Usage Notes
SuperAdmins
If the global setting “Require OTP for SuperAdmins” is enabled, SuperAdmins are forced to Required and have no grace period.
Providers
Delivery providers are the components that send a prepared message to the recipient. OTP Pro ships with two built-in providers (authenticator app and basic email) and can be extended by companion add-ons.
Enabled vs Available
The Providers list in the add-on settings panel shows two separate status conditions:
- Enabled – the provider is not globally disabled in OTP Pro settings.
- Available – the provider reports that it can operate in this environment (for example, Email requires a working EE email configuration).
Testing Providers
Use the provider testing screen to validate configuration (recipient, test payload, and best-effort error reporting).
Usage Notes
Disabling providers
Providers can be disabled globally. Disabled providers are not offered as selectable delivery channels and are not considered “available” for members.
Payloads
Payloads define what the member receives. For delivery channels, payloads are paired with a transport to form a delivery channel.
Code Payload
A short numeric code intended to be typed into a verification form.
This is the built-in payload shipped with OTP Pro.
Magic Link Payload
A one-click login/verification link
Magic Link payloads require the installation of a companion add-on to become available within OTP Pro.
Usage Notes
Transport compatibility
Some payloads may only support specific transports. OTP Pro will only offer compatible payloads when building selectable delivery channels.
Audit Logs
Audit logs record security-relevant OTP events such as validation success/failure. Logs are viewable from the Audit Logs section of the JCOGS OTP Pro Control Panel.
Enable Audit Logging
When enabled, OTP Pro records OTP validation and security events.
What gets logged
OTP Pro logs event types such as:
otp_enabled/otp_disabledcode_validated/code_failedbackup_code_useddevice_remembered/device_revokedlockoutdelivery_method_changed
Retention
Control how long logs are intended to be retained. You can also manually clear logs from the Audit Logs screen.
Export
Logs can be exported as CSV for further analysis.
Usage Notes
Security note
Audit logs are security data. Restrict Control Panel access appropriately and treat exports as sensitive.