| principal | Principal | | [optional] |
| secretKey | String | TOTP secret key (Base32 encoded, encrypted at rest) | |
| algorithm | AlgorithmEnum | TOTP algorithm (HmacSHA1, HmacSHA256, HmacSHA512) | |
| digits | Integer | Number of digits in the TOTP code | |
| period | Integer | Time period in seconds for TOTP rotation | |
| qrCodeUrl | String | QR code URL for provisioning authenticator apps | [optional] [readonly] |
| backupCodes | List<String> | List of backup codes (10 single-use codes for account recovery) | [optional] |
| enabled | Boolean | Whether 2FA is actively enforced for this Principal | [optional] |
| lastUsedAt | OffsetDateTime | Last time a code was successfully verified | [optional] [readonly] |
| verifiedAt | OffsetDateTime | When the Principal confirmed possession of the authenticator | [optional] [readonly] |
| id | UUID | Unique identifier for object in the system | [optional] [readonly] |
| ownerId | UUID | UUID of owner of the object in the system | [optional] [readonly] |
| createdDate | OffsetDateTime | Date of object creation | [optional] [readonly] |
| keyHash | String | Data, including hash of the key(s) used to encrypt this record. | [optional] [readonly] |
| lastAccessedById | UUID | Last user to access object | [optional] [readonly] |
| lastAccessedDate | OffsetDateTime | Timestamp of last access of object | [optional] [readonly] |
| lastModifiedById | UUID | Unique identifier for user who last modifed the object in the system | [optional] [readonly] |
| lastModifiedDate | OffsetDateTime | Date of last object modification | [optional] [readonly] |
| trashed | Boolean | Indicates if the object is trashed (soft deleted) | [optional] |