
Hi All,

As per the KB articles from the customer portal, it seems like the time on the appliance has to match the time on clients (user mobile devices) for TOTP 2FA to work.

How will this work when the users are in different time zones not matching the appliance time zone?

TOTP (Time-based One-Time Password) relies on synchronized time between the client (user device) and the server (in this case, the BeyondTrust appliance). Here's how this works across different time zones:

How TOTP Works Across Time Zones

TOTP doesn't rely on time zones, but rather on UTC time (Coordinated Universal Time). Here's the breakdown:

  1. TOTP uses Unix time (epoch time) — the number of seconds since January 1, 1970 UTC.
  2. Both the appliance and the client device generate codes based on the current UTC time and a shared secret.
  3. As long as both systems are accurately synced to UTC, the time zone difference doesn't matter.

What Needs to Be True for TOTP to Work

  • BeyondTrust appliance must have accurate system time (preferably synced via NTP to a reliable time source).
  • User mobile devices must also have accurate time — typically handled automatically by the OS syncing with internet time servers.
  • Time zone settings on either side do not affect TOTP, as long as the underlying UTC time is correct.

Troubleshooting Tips

If users report TOTP failures:

  • Check if their device time is manually set or out of sync.
  • Ensure the appliance is using NTP and has no drift.
  • Consider allowing a small time window tolerance (e.g., ±30 seconds) in the TOTP configuration.