User Tools

Site Tools


lion:2fa

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
lion:2fa [2021/09/17 16:04] – [VPN] deullion:2fa [2022/01/12 10:36] (current) – [Two-factor Authentication @ LION] deul
Line 4: Line 4:
  
 Please read this document carefully or start from [[:services:2fa#first_time_access|here]] Please read this document carefully or start from [[:services:2fa#first_time_access|here]]
-=====Introduction===== 
-  * [[:lion:2fa:introduction|Why, where and how]] 
-The process of implementing 2FA @ LION will take some time, and has the below timeline (provided everything works out as planned): 
-  * 2FA is already activated for Webmail,  
-  * next week (Tuesday September 21, 2FA will be activated for Windows Desktop login, Remote console access.  
-  * One week later (Tuesday September 28) the VPN service will be 2FA enabled.  
-  * Again one week later (Tuesday October 5) the ssh servers will require 2FA 
-  * During the second week of October all issues should be resolved and then LION will be fully 2FA compliant.  
  
 +
 +[[:services:2fa:acronyms|Note on acronyms]]
 +----
 ======Working with 2FA ===== ======Working with 2FA =====
 Below we describe in detail how to work with 2FA. It is quite straight forward once you get the hang of it. Below we describe in detail how to work with 2FA. It is quite straight forward once you get the hang of it.
  
 =====First Time Access===== =====First Time Access=====
-Before you can use 2FA we and you need to setup a few things. +{{ :lion:smartphones.jpg?200|}}{{ :lion:yubikey.jpg?100|}}Before you can use 2FA we and you need to setup a few things. 
   * **You should own a Smart Phone or own/obtain a YubiKey from the IT department**: Since during the 2FA process you need to generate **passcodes (a six digit number)** automatically based on a secret key, or enable **push authentication** you and the 2FA system have exchanged, you need a device to perform this action. This device can either be an app on a Smart Phone or a YubiKey hardware device. If you don not own a Smart Phine or cannot use that for any reason, contact the Physics IT Helpdesk to obtain a Yubikey.   * **You should own a Smart Phone or own/obtain a YubiKey from the IT department**: Since during the 2FA process you need to generate **passcodes (a six digit number)** automatically based on a secret key, or enable **push authentication** you and the 2FA system have exchanged, you need a device to perform this action. This device can either be an app on a Smart Phone or a YubiKey hardware device. If you don not own a Smart Phine or cannot use that for any reason, contact the Physics IT Helpdesk to obtain a Yubikey.
  
Line 32: Line 27:
  
 ====VPN==== ====VPN====
-VPN allows your home dektop or laptop to become part of the Physics Computer network. This will be the new way to connect to local Physics services (Tunnelier will be discontinued). +VPN allows your home desktop or laptop to become part of the Physics Computer network. This will be the new way to connect to local Physics services (Tunnelier will be discontinued). 
   * [[lion:2fa:vpn|How to use VPN and 2FA]]   * [[lion:2fa:vpn|How to use VPN and 2FA]]
-  * [[lion:2fa:rdp_via_vpn|Remote Desktop access vi VPN (and 2FA)]]+  * [[lion:2fa:oldvpn| Convert previously configured VPN to use 2FA]] 
 +  * [[lion:2fa:rdp_via_vpn|Remote Desktop access via VPN (and 2FA)]]
  
  
Line 41: Line 37:
    
  
 +----
    
 =====2FA Problems====== =====2FA Problems======
lion/2fa.1631894682.txt.gz · Last modified: 2021/09/17 16:04 by deul