Computer Documentation Wiki

User Tools

Site Tools

Trace: onedrive laptopprint winscp mfa_easier file_upload_linux fedora_37 fedora windows
institute_lorentz:2fa-key

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
institute_lorentz:2fa-key [2021/06/07 09:27] lenocilinstitute_lorentz:2fa-key [2021/10/08 09:05] (current) – [Introduction] lenocil
Line 1: Line 1:
-====== First-time 2FA Setup via a FIDO2 Security Key ======+====== 2FA Setup via a FIDO2 Security Key ======
  
 ===== Introduction ===== ===== Introduction =====
Line 9: Line 9:
 |https://fidoalliance.org/fido2/| |https://fidoalliance.org/fido2/|
  
-|Because 2FA via a security key offers the strongest protection against cyber criminals, the IL encourages you always to use this method to login to all IL services.|+|Because 2FA via a security key offers the strongest protection against cyber criminals, \\ the IL encourages you always to use this method to login to all IL services.
 +|:!: If you have obtained a security key from the Lorentz Institute, you must return it upon termination of your appointment at the Institute |
 ===== Preliminary Actions ===== ===== Preliminary Actions =====
  
-Make sure your security key is FIDO2-compatible by checking the vendor's website or obtain one from the Lorentz Institute IT Department.   If you obtain a security key from the IL, you are **required** to return it upon termination of your contract at the IL and you are **obliged** to notify <support@lorentz.leidenuniv.nl> in case of key loss or theft. If you would like to use your private security key, notify <support@lorentz.leidenuniv.nl> your intention to register this device so that you can be guided through the procedure.+Make sure your security key is FIDO2-compatible by checking the vendor's website or obtain one from the Lorentz Institute IT Department.   If you obtain a security key from the IL, you are **required** to return it upon termination of your contract and you are **obliged** to notify <support@lorentz.leidenuniv.nl> in case of key loss or theft. If you would like to use your private security key, notify <support@lorentz.leidenuniv.nl> your intention to register this device so that you can be guided through the procedure.
  
 Once setup/registered, the same security key will be a valid second factor to access all IL 2FA-protected web services, the IL GNU/Linux workstations, and decrypt the disk of the IL rental laptops. Once setup/registered, the same security key will be a valid second factor to access all IL 2FA-protected web services, the IL GNU/Linux workstations, and decrypt the disk of the IL rental laptops.
  
-The setup of your security key differs slightly depending on whether you have already 2FA setup under your account, for instance via TOTP, or not. Follow the workflows below that is appropriate to your situation.+The setup of your security key differs slightly depending on whether you have already 2FA setup under your account, for instance via TOTP, or not. Follow the workflow below that is appropriate to your situation. 
 + 
 +===== Setup without previous 2FA in place =====
  
-===== Setup without previous 2FA ===== 
-The setup of your security key differs slightly depending on whether you have already 2FA setup under your account, for instance via TOTP, or not. Follow the workflow below depending on whether you have previously setup 2FA. 
 ==== Step 1 ==== ==== Step 1 ====
 +Notify the intention of registering a private key to <support@lorentz.leidenuniv.nl>.
 +
 Navigate to any of the Lorentz Institute SSO web applications, for instance our [[https://remote.lorentz.leidenuniv.nl|Remote Workspace]]. Navigate to any of the Lorentz Institute SSO web applications, for instance our [[https://remote.lorentz.leidenuniv.nl|Remote Workspace]].
  
Line 51: Line 54:
  
 Click on //Back to application// to redirect your browser to the Lorentz Institute SSO web application from which you started the whole process or close the browser. Your setup is complete.  Click on //Back to application// to redirect your browser to the Lorentz Institute SSO web application from which you started the whole process or close the browser. Your setup is complete. 
 +
 +===== Setup with previous 2FA in place =====
 +==== Step 1 ====
 +Notify the intention of registering a private key to <support@lorentz.leidenuniv.nl>.
 +
 +Navigate to any of the Lorentz Institute SSO web applications, for instance our [[https://remote.lorentz.leidenuniv.nl|Remote Workspace]].
 +
 +You will be redirected automatically to the Lorentz Institute Identity Provider login page as in **Figure 1**.
 +<figure>{{:institute_lorentz:ilidp1.png?direct&300|}}<caption>Identity Provider login page</caption></figure>
 +
 +==== Step 2 ====
 +
 +Enter your IL credentials and the correct TOTP to sign in. Upon successful login, your browser will ask you to register your security key (Figure 2). Plug your security key into an available USB-A port of your PC/laptop and confirm by pressing or touching the key button ((Key confirmation actions, such as pushing or touching, depend on the key used, please read the manual of your key's vendor)).
 +
 +<figure>{{:institute_lorentz:ask-otp_mod.png?direct&400|}} {{:institute_lorentz:ilkey2_mod.png?direct&470|}}<caption>TOTP validation and Security Key Registration</caption></figure>
 +
 +==== Step 3 ====
 +
 +Once your security key has been successfully added, your browser will ask you to add a label if you wish (Figure 3). Click on `OK'. Your SK setup is completed.
 +
 +<figure>{{:institute_lorentz:ilkey3_mod.png?direct&300|}}<caption>Key registration confirmation and label</caption></figure>
 +
  
 ===== Problems and Solutions ===== ===== Problems and Solutions =====
institute_lorentz/2fa-key.1623058047.txt.gz · Last modified: by lenocil

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki