From now on, access to the computing resources requires 2FA.

All computing services that authenticate through IPA, such as the HPC login system, Nextcloud, Confluence, Indico or the OpenStack Dashboard, must be accessed with the "Password+OTP code" (typed all in a row, without the "+" symbol).

The OTP code is a one-time password, also known as a dynamic password, used as a second authentication factor in addition to the commonly used username and password. It is only valid once, so even if an attacker manages to get hold of it, he/she cannot reuse it.

To enable this method in FreeIPA, follow these steps:



1. Install an OTP generator app such as Authy or a similar one (Google Authenticator, Microsoft Authenticator, FreeOTP, ...; see the alternative apps page) on your mobile device.

App icons: Authy, Google Authenticator, Microsoft Authenticator, FreeOTP, Aegis Authenticator, Authorea, AuthPass.

This application will give us the OTP codes generated from the token we create. The code changes every 30 seconds and is valid only once.

Note: the RSA Authenticator (SecurID) application gives some problems.



2. Log in as usual to the IFCA Auth System (https://auth01.ifca.es or https://auth02.ifca.es) using your credentials (User / Password)



2. This is your user area



3. As a user, go to the token area



4. As a user, add the OTP token.



5. Add the new token. This generates the QR code that you will have to scan with your chosen mobile app (Section 1 - Install an App)


6. You will see the QR code or token that you need to enter in your mobile app (installed in step 1 - Authy, Google Authenticator, Microsoft Authenticator, FreeOTP, ...).


7. Now you will see your token created and enabled in your user area


8. Log out of FreeIPA



9. OTP Token Synchronization

Before you can log in with 2FA for the first time, you must synchronize the OTP token. To do this, select the Sync OTP Token option in the login window of the IPA server.



10. Fill in the username and your password, then enter the first code that appears in the Authy/OTP App in the First OTP field and the next code (appearing after 30 seconds) in the Second OTP field.



11. How to use OTP Token Synchronization
      Now, when you try to access IFCA systems, you must enter your password followed by the OTP code shown in the Authy/OTP app.
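To show why the codes change every 30 seconds, why synchronization asks for two consecutive codes, and how a "Password+OTP" field can be taken apart, here is an added sketch in Python (not IFCA or FreeIPA code). It assumes standard TOTP (RFC 6238) with HMAC-SHA1 and 6-digit codes; the secret, password, times and function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds each code lasts, as stated on this page
DIGITS = 6   # assumption: the usual TOTP code length

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30 s window containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def split_login(field: str) -> tuple[str, str]:
    """Split the single login field 'password' + 'code' into its two parts."""
    if len(field) <= DIGITS or not field[-DIGITS:].isdigit():
        raise ValueError("expected a password followed by a 6-digit code")
    return field[:-DIGITS], field[-DIGITS:]

def find_drift(secret_b32, first, second, server_time, max_windows=10):
    """Return how many 30 s windows the phone clock is off, or None.

    Requiring two consecutive codes makes an accidental match in the
    wrong window very unlikely."""
    for drift in range(-max_windows, max_windows + 1):
        t = server_time + drift * STEP
        if (hmac.compare_digest(totp(secret_b32, t), first)
                and hmac.compare_digest(totp(secret_b32, t + STEP), second)):
            return drift
    return None

if __name__ == "__main__":
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed (RFC 6238 test key)
    server_now = 1_700_000_000                   # constructed server time
    phone_now = server_now + 3 * STEP            # phone runs 90 s ahead
    first, second = totp(secret, phone_now), totp(secret, phone_now + STEP)
    print("codes from the app:", first, second)
    print("drift in windows:", find_drift(secret, first, second, server_now))
    print(split_login("Example-Passw0rd" + first))
```

The real secret is the one encoded in the QR code from step 6; it never needs to be typed or stored outside the authenticator app.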



If you have any questions, please contact us at [computing.support@ifca.unican.es]