This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
institute_lorentz:2fa-pc [2021/03/15 08:54] – [Step 3] lenocil | institute_lorentz:2fa-pc [2021/04/13 07:32] (current) – [Step 1] lenocil | ||
---|---|---|---|
Line 13: | Line 13: | ||
==== Step 1 ==== | ==== Step 1 ==== | ||
- | Navigate to any of the Lorentz Institute SSO web applications, | + | Navigate to any of the Lorentz Institute SSO web applications, |
You will be redirected automatically to the Lorentz Institute Identity Provider login page as in **Figure 1**. | You will be redirected automatically to the Lorentz Institute Identity Provider login page as in **Figure 1**. | ||
Line 20: | Line 20: | ||
==== Step 2 ==== | ==== Step 2 ==== | ||
- | Enter your IL credentials to sign in. Upon successful login, you will be redirected to a page containing a QR code. Click on " | + | Enter your IL credentials to sign in. Upon successful login, you will be redirected to a page containing a QR code. Click on " |
Note the secret key, the algorithm, the number of digits, and the time interval. You will need them in Step 3. | Note the secret key, the algorithm, the number of digits, and the time interval. You will need them in Step 3. | ||
Line 32: | Line 32: | ||
< | < | ||
- | Generate a OTP by clicking on //Entries -> TOTP -> Show TOTP// and paste it to | + | Generate a OTP by clicking on //Entries -> TOTP -> Show TOTP//. Insert this TOTP in the //One-time code// form input and, if you wish, a label in the form input called //Device Name//. This label is meant to help you keep track with which device the **secret key** has been shared. Click on // |
- | < | + | |
+ | < | ||
+ | |||
+ | ==== Step 4 ==== | ||
+ | If Step 3 succeeds (errors might occur if there is too much lag time, i.e. the OTP expired), the system will send you an email to your private (not @lorentz) e-mail address with [[institute_lorentz: | ||
+ | |||
+ | < | ||
+ | |||
+ | ==== Step 5 ==== | ||
+ | Verify your identity by visiting your private email inbox. You should have received an email from the Lorentz Institute Identity Provider ((Details of this email are not disclosed here to prevent phishing.)). Open that email and __copy__ (for instance using on most platforms Control-C or right-mouse click copy) the secret code in the body of the message. Visit https:// | ||
+ | |||
+ | < | ||
+ | |||
+ | |||
+ | ==== Step 6 ==== | ||
+ | |||
+ | Click on //Back to application// | ||
+ | |||
+ | ===== Problems and Solutions ===== | ||
+ | |||
+ | |I cannot setup 2FA/access the system| Make sure we have your private email address on record| | ||
+ | |I lost my smartphone/ | ||
+ | |How do I disable 2FA?| 2FA is mandatory on all SSO web services and to access our SSH server | | ||
+ | |My TOTP is incorrect| Make sure your phone' | ||
+ | |My OTP secret is compromised| Notify < |