Two Factor Authorization (TFA) instructions

Revision as of 15:47, 14 May 2024 by Bromley (talk | contribs) (Created page with "----__NOINDEX__ __NOTOC__ == Two Factor Authorization (TFA) setup== * TFA is a second-level authoriization for additional security. * It requires use of an "Authentication App" ** either on a cell phone or desktop computer = TFA General Instructions = == Step by step guide to activate user account== == 1. Log in using your user name provided by email == * When you open the site, you should be on the login page ** if not, select "Login" from the upper right Login but...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Two Factor Authorization (TFA) setup

  • TFA is a second-level authoriization for additional security.
  • It requires use of an "Authentication App"
    • either on a cell phone or desktop computer

TFA General Instructions

Step by step guide to activate user account

1. Log in using your user name provided by email

  • When you open the site, you should be on the login page
    • if not, select "Login" from the upper right

Login button is at the top right

NOTE: Wiki logins are under user names and not email addresses!

  • Your user name has been emailed to you
  • You will not enter your emial address to log in
  • you should, however, verify your email address so that you can reset passcode, etc.

3. Set Two Factor Authorization (TFA) for site access

To access site pages you will need to set Two-Factor Authorization (TFA)

  • easiest is to use a TFA app on your cell phone

Overview of steps to set TFA:

  1. You will need an "Authenticator app" on your phone to manage your TFA logins
  2. Enable TFA on this site in your user preferences.
  3. Scan the QR code on your preferences page using your authenticator app
  4. Enter the "token" (code number) from the authenticator app into your TFA setup on your preferences page
  5. Log in again, this time using the token (code number) from your authenticator app

4. Authenticate your email address

  1. Please authenticate your email address. If you don't have an email form the system, go to Preferences/ User profile/ Email options to set or change your email address and send and to authentication message.

Detailed instructions

Step 1: Download a two-factor authentication program

Mobile TFA apps (all free)

Click "expand" for details:



File:Two factor authorization app Windows Store Oracle Mobile Authenticator.jpg
Oracle Windows desktop app from Windows Store

Oracle Authenticator App for mobile or desktop (free)

Running mobile & desktop FTA simultaneously

  • you can set two TFA apps to run at the same time
    • as in one on your cell phone, the other on your desktop
  • just use the same "Secret Key" for both and then make sure they are producing the same token (temporary number)


Step 2: Enable Two-Factor Authorization (TFA) on your user preferences page

Click "expand" for details:



  • File:Account-activation 06.jpg
    Enable TFA on your User/Preferences page
    Go to your Special:Preferences page at the link to the top right under the user icon
    • Click on drop-down menu and select "Preferences"
  • Under "Basic Information," go to the last option in that box, "Two-factor authentication"
    • click on "Manage" button
    • then click on "Enable TOTP (one time token)" button
  • You will then be asked to log in again
  • Then you will see "Enable TOTOP (one-time token)" page
  • using your Authenticator app, scan the QR code
    • or you can use enter the "secret key" manually
  • Your Authenticator app will then show "Site Name: [user name]
    • and display a number (your TFA "token") that will last 20-30 seconds.
  • On the page it will show "Step 3"
    • Record securely the "Two-factor authentication secret key" and "Scratch codes"
      • you can use these to set the same TFA authorization on another app or device
      • and if you lose access to that device or app, you can re-set TFA on your app.
      • In order to change your secret key you will have to start over again under User/Preferences
        • and you will need to enter the TFA token to make any changes
  • Admin can reset your TFA TOTP if you get stuck


Step 3: Enter the token into the "Verification" box

  • the entry box is labelled on the page "Step 4: Verification"
    • the box instructions read, "Enter a code from your authentication device to verify"
  • using your Authenticator app, enter the current "token" number
  • hit "Submit"

Your are now good to go!

  • your login will remain active on the same device until cookies are cleared
  • logging in on a new device or browser will require TFA

Email address authentication

In order to recieve account change and other notifcations (which you can control), please authenticate your email address. Go to Preferences/ User profile/ Email options to set or change your email address and send and to an authentication message.

User Rights

  • Now that you have set up TFA, you will have full read/write/edit and image or document upload rights.
  • Some pages are locked to Admin edit only, so let us know any suggested changes on pages you cannot edit (such as this page).
  • Session cache
    • you will not have to re-enter the TFA Token unless you change browsers, clear cookies, or use another device.

Help!

Call, text, or email Michael Bromley

Have fun!