Differences

This shows you the differences between two versions of the page.

--- institute_lorentz:2fa-key [2021/06/07 09:28] – [Preliminary Actions] lenocil
+++ institute_lorentz:2fa-key [2021/10/08 09:05] (current) – [Introduction] lenocil
@@ Line 1: / Line 1: @@
-====== First-time 2FA Setup via a FIDO2 Security Key ======
+====== 2FA Setup via a FIDO2 Security Key ======
 ===== Introduction =====
@@ Line 9: / Line 9: @@
 |https://fidoalliance.org/fido2/|
-|Because 2FA via a security key offers the strongest protection against cyber criminals, the IL encourages you always to use this method to login to all IL services.|
+|Because 2FA via a security key offers the strongest protection against cyber criminals, \\ the IL encourages you always to use this method to login to all IL services.|
+|:!: If you have obtained a security key from the Lorentz Institute, you must return it upon termination of your appointment at the Institute |
 ===== Preliminary Actions =====
@@ Line 16: / Line 17: @@
 Once setup/registered, the same security key will be a valid second factor to access all IL 2FA-protected web services, the IL GNU/Linux workstations, and decrypt the disk of the IL rental laptops.
-The setup of your security key differs slightly depending on whether you have already 2FA setup under your account, for instance via TOTP, or not. Follow the workflows below that is appropriate to your situation.
+The setup of your security key differs slightly depending on whether you have already 2FA setup under your account, for instance via TOTP, or not. Follow the workflow below that is appropriate to your situation.
+===== Setup without previous 2FA in place =====
-===== Setup without previous 2FA =====
-The setup of your security key differs slightly depending on whether you have already 2FA setup under your account, for instance via TOTP, or not. Follow the workflow below depending on whether you have previously setup 2FA.
 ==== Step 1 ====
+Notify the intention of registering a private key to <support@lorentz.leidenuniv.nl>.
 Navigate to any of the Lorentz Institute SSO web applications, for instance our [[https://remote.lorentz.leidenuniv.nl|Remote Workspace]].
@@ Line 51: / Line 54: @@
 Click on //Back to application// to redirect your browser to the Lorentz Institute SSO web application from which you started the whole process or close the browser. Your setup is complete.
+===== Setup with previous 2FA in place =====
+==== Step 1 ====
+Notify the intention of registering a private key to <support@lorentz.leidenuniv.nl>.
+Navigate to any of the Lorentz Institute SSO web applications, for instance our [[https://remote.lorentz.leidenuniv.nl|Remote Workspace]].
+You will be redirected automatically to the Lorentz Institute Identity Provider login page as in **Figure 1**.
+<figure>{{:institute_lorentz:ilidp1.png?direct&300|}}<caption>Identity Provider login page</caption></figure>
+==== Step 2 ====
+Enter your IL credentials and the correct TOTP to sign in. Upon successful login, your browser will ask you to register your security key (Figure 2). Plug your security key into an available USB-A port of your PC/laptop and confirm by pressing or touching the key button ((Key confirmation actions, such as pushing or touching, depend on the key used, please read the manual of your key's vendor)).
+<figure>{{:institute_lorentz:ask-otp_mod.png?direct&400|}} {{:institute_lorentz:ilkey2_mod.png?direct&470|}}<caption>TOTP validation and Security Key Registration</caption></figure>
+==== Step 3 ====
+Once your security key has been successfully added, your browser will ask you to add a label if you wish (Figure 3). Click on `OK'. Your SK setup is completed.
+<figure>{{:institute_lorentz:ilkey3_mod.png?direct&300|}}<caption>Key registration confirmation and label</caption></figure>
 ===== Problems and Solutions =====

Computer Documentation Wiki

User Tools

Site Tools

Differences

Page Tools