Two Factor Authentication - Yale University

2 Factor Login Setup Instructions

Two-Factor Authentication

Table of Contents

Overview .................................................................................................................................................. 1 Overview of Two-Factor Authentication Setup .......................................................................... 1 Setup Instructions................................................................................................................................. 2

Software-based authenticator setup ......................................................................................................... 2 eTokenPASS setup ............................................................................................................................................ 7

Token User Self-Validation ................................................................................................................ 9 Login to the cluster .............................................................................................................................10 Troubleshooting and support.........................................................................................................11

Overview

In order to improve security on the HPC clusters, ITS is installing a two-factor login system on the login nodes. Two-factor login requires the user to provide two pieces of information in order to ssh: their netid password, and a random 6 digit number that is generated via a smart phone app or hardware fob. Before you can use two-factor authentication, you will need to set up the app on your smartphone, or acquire and register a hardware fob. This document describes those processes, and also explains how to request support if you run into problems.

Overview of Two-Factor Authentication Setup

1. Select the method for generating tokens: a. Software-based authenticator (smartphone application) b. Hardware based authenticator (key fob). Please only request a fob if you do not have an appropriate software device.

2. If you need a hardware fob, please send a request to robert.bjornson@yale.edu and nicholas.carriero@yale.edu.

3. Complete the setup: a. Software-based: download the Safenet MobilePASS application from: i. iTunes Store - Apple iPhone, iPod Touch, or iPad ii. Google Play Store - Android iii. Blackberry Store ? Blackberry

1

2 Factor Login Setup Instructions b. Hardware fob: you can pick up the hardware authenticator at one of two locations around campus. 1. Central Campus: AKW210 (Computer Science Department). Please call 432-1220 to set up a time. 2. Computer Support Center ? Medical Campus in-computer-support-135-college

4. Enroll the authenticator by following the steps detailed below. 5. Test the authenticator by using the self-validation web page (see below). 6. Use the app or fob to generate your 6 digit number, which will form part of your

password when sshing to the cluster.

Setup Instructions

Software-based authenticator setup

With a smartphone in hand and while in front of the computer, please follow the steps below to set up a MobilePASS soft token. Since steps will need to be taken on both a smartphone and a computer, the instructions below are color-coded: instructions in black are to be performed on a computer and instructions in blue are to be performed on a smartphone.

1. Smartphone ? Download the Safenet mobilePass application from your app store. Once downloaded, launch the application.

2. Computer ? On your computer navigate to . 3. Computer ? Login using yale\netid as the username, and your netid password as

the password.

4. Computer ? In the Safenet Authentication Manager Self Service Center, click on "Enroll a new MobilePASS token."

2

2 Factor Login Setup Instructions

5. Computer ? Enter an optional nickname for the smartphone token. If you have multiple MobilePass accounts, you may want to consider naming them to be able to better distinguish them inside the application. If you do not want to enter a nickname, leave the default "MobilePASS" name. Please click on submit to advance to the next step in the process, which will display a specific policy string that needs to be entered into the smartphone application.

3

2 Factor Login Setup Instructions

6. Smartphone ? (Once the SafeNet Mobile Pass application is launched) click on "My Token 1"

7. Smartphone ? Click on "Manual Enrollment" 4

2 Factor Login Setup Instructions

8. Smartphone ? Enter the policy string which is displayed on the SafeNet Authentication Manager and click continue.

9. Computer ? An activation code will be displayed on the smartphone. Take this code and input it into the SafeNet Authentication Manager console. Once that is entered, click submit. 5

2 Factor Login Setup Instructions 6

2 Factor Login Setup Instructions 10. Computer ? If the activation code was entered successfully, you will receive a notice saying that "The MobilePASS token is successfully enrolled".

11. Smartphone ? Click continue. On the next screen your passcode (six-digit number) will be displayed.

eTokenPASS setup

Please follow the steps below to setup an eTokenPass hardware fob. 1. Navigate to . 2. Login to the samservice, using yale\netid as the username, and your netid password as the password. 7

2 Factor Login Setup Instructions 3. Select "Enroll a new OTP Token"

4. Enter the serial number from the eTokenPASS hardware authenticator 5. Upon receipt of the success message, your eTokenPASS software token has been

enrolled and can now be used. 8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download