Startup Idea: Secure TOTP Access Management System for Internal Use

Summary for idea #606
Startup idea to develop a secure system for managing TOTP-based account access on a company's intranet. The idea is to let employees make one-time requests for TOTP codes, which are provided after a PGP-encrypted challenge. This would reduce the need to regularly reset TOTP, increase monitoring capabilities, and make employee access management more efficient and secure.
Original submission by someone willing to pay to get a problem solved (not AI)

Our company has always had trouble keeping our accounts secure while simultaneously allowing employees to access the accounts. Many of our accounts are financial in nature and we utilize TOTP two-factor authentication for our security.

Often this means that when a new employee needs to be granted access to the account, they are given a QR code containing the secret TOTP key.

This is an issue because if an employee with access quits or, especially, is fired, the TOTP must be reset and reconfigured to ensure they do not retain access to the account. This wastes a lot of time.

It would be nice to have a solution we could deploy on an nginx server on our intranet which allows heavily logged one-time requests of the TOTP code. This would allow us to monitor which employees access the accounts and when they access them. It would be nice to have some sort of easy-to-implement employee ID system. If it were cryptographically verified, even better. People in our line of work are fluent in using PGP.

The ideal workflow would be this:

Employee enters username > Randomly generated code is PGP encrypted and sent to them > they decrypt the code and enter it > the next three TOTP codes are shown to the employee to allow them to make mistakes without repeating the process

This would save our company a lot of time re-locking up accounts and would vastly improve security overall. My boss would definitely pay for this.
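
The workflow described above, as an added Python example (not part of the original submission): a hypothetical `TotpBroker` keeps the TOTP secret on the server, issues a single-use challenge, logs every step, and releases three RFC 6238 codes. Assumptions: the caller PGP-encrypts the challenge with its own tooling, the challenge lives for 5 minutes, and "the next three codes" means the current 30-second step plus the following two.

```python
import hashlib, hmac, secrets, struct

STEP, DIGITS, CHALLENGE_TTL = 30, 6, 300  # step seconds, code digits, challenge lifetime (assumed)

def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP computed over an RFC 6238 time-step counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TotpBroker:
    """Hypothetical broker: the shared secret never leaves the server."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = {}  # username -> (challenge, expiry timestamp)
        self.audit = []     # in-memory stand-in for an append-only audit log

    def issue_challenge(self, user: str, now: float) -> str:
        # The caller PGP-encrypts this value to the employee's public key (not shown).
        challenge = secrets.token_hex(16)
        self._pending[user] = (challenge, now + CHALLENGE_TTL)
        self.audit.append((now, user, "challenge_issued"))
        return challenge

    def redeem(self, user: str, answer: str, now: float):
        # pop() makes each challenge single-use, whether the answer is right or wrong.
        challenge, expiry = self._pending.pop(user, ("", 0.0))
        ok = (bool(challenge) and now <= expiry
              and hmac.compare_digest(challenge.encode(), answer.encode()))
        self.audit.append((now, user, "codes_released" if ok else "denied"))
        if not ok:
            return None
        step = int(now) // STEP
        # Codes for the current step and the two that follow it.
        return [totp(self._secret, step + i) for i in range(3)]
```

Because the employee only ever sees short-lived codes, offboarding means deleting their PGP key from the broker rather than re-enrolling the account. The last released code stays valid until its time step ends, so the `codes_released` audit entry marks the start of a roughly 90-second access window.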
