Two Factor Authorization (TFA) setup

TFA is a second-level authoriization for additional security.
It requires use of an "Authentication App"
- either on a cell phone or desktop computer

TFA General Instructions

Step by step guide to activate user account

1. Log in using your user name provided by email

When you open the site, you should be on the login page
- if not, select "Login" from the upper right

Login button is at the top right

NOTE: Wiki logins are under user names and not email addresses!

Your user name has been emailed to you
You will not enter your emial address to log in
you should, however, verify your email address so that you can reset passcode, etc.

3. Set Two Factor Authorization (TFA) for site access

To access site pages you will need to set Two-Factor Authorization (TFA)

easiest is to use a TFA app on your cell phone

Overview of steps to set TFA:

You will need an "Authenticator app" on your phone to manage your TFA logins
Enable TFA on this site in your user preferences.
Scan the QR code on your preferences page using your authenticator app
Enter the "token" (code number) from the authenticator app into your TFA setup on your preferences page
Log in again, this time using the token (code number) from your authenticator app

4. Authenticate your email address

Please authenticate your email address. If you don't have an email form the system, go to Preferences/ User profile/ Email options to set or change your email address and send and to authentication message.

Detailed instructions

Step 1: Download a two-factor authentication program

Mobile TFA apps (all free)

Click "expand" for details:

File:Account-activation 04e.jpg
Mobile Apps
Authenticator Apps for cell phones are available on Windows, Mac, IOS, or Android
- Google authenticator app (PlayStore)
- iOs 16 has TFA built in to the system
  - otherwise, Google & Microsoft authenticator apps are available on iOS
Open source: FreeOTP (from RedHat)
- here for the various FreeOTP operating system versions on github
  - including "jelling-windows" which mirrors the mobile app on desktop
Microsoft Authenticator App for Android and iOS:
- Microsoft Mobile Phone Authenticator App | Microsoft Security (with links to Apple & Google app stores)

File:Two factor authorization app Windows Store Oracle Mobile Authenticator.jpg

Oracle Windows desktop app from Windows Store

Oracle Authenticator App for mobile or desktop (free)

MOBILE: download through your App Store (Android/Apple)
- search for "Oracle Mobile Authenticator" and it will show
WINDOWS DESKTOP: go to Store
for installation, see Oracle Authenticator desktop installation shot step-by-step explanation

Running mobile & desktop FTA simultaneously

you can set two TFA apps to run at the same time
- as in one on your cell phone, the other on your desktop
just use the same "Secret Key" for both and then make sure they are producing the same token (temporary number)

Step 2: Enable Two-Factor Authorization (TFA) on your user preferences page

Click "expand" for details:

File:Account-activation 06.jpg
Enable TFA on your User/Preferences page
Go to your Special:Preferences page at the link to the top right under the user icon
- Click on drop-down menu and select "Preferences"
Under "Basic Information," go to the last option in that box, "Two-factor authentication"
- click on "Manage" button
- then click on "Enable TOTP (one time token)" button
You will then be asked to log in again
Then you will see "Enable TOTOP (one-time token)" page
using your Authenticator app, scan the QR code
- or you can use enter the "secret key" manually
Your Authenticator app will then show "Site Name: [user name]
- and display a number (your TFA "token") that will last 20-30 seconds.
On the page it will show "Step 3"
- Record securely the "Two-factor authentication secret key" and "Scratch codes"
  - you can use these to set the same TFA authorization on another app or device
  - and if you lose access to that device or app, you can re-set TFA on your app.
  - In order to change your secret key you will have to start over again under User/Preferences
    - and you will need to enter the TFA token to make any changes
Admin can reset your TFA TOTP if you get stuck

Step 3: Enter the token into the "Verification" box

the entry box is labelled on the page "Step 4: Verification"
- the box instructions read, "Enter a code from your authentication device to verify"
using your Authenticator app, enter the current "token" number

hit "Submit"

Your are now good to go!

your login will remain active on the same device until cookies are cleared
logging in on a new device or browser will require TFA

Email address authentication

In order to recieve account change and other notifcations (which you can control), please authenticate your email address. Go to Preferences/ User profile/ Email options to set or change your email address and send and to an authentication message.

User Rights

Now that you have set up TFA, you will have full read/write/edit and image or document upload rights.
Some pages are locked to Admin edit only, so let us know any suggested changes on pages you cannot edit (such as this page).
Session cache
- you will not have to re-enter the TFA Token unless you change browsers, clear cookies, or use another device.

Help!

Call, text, or email Michael Bromley

Two Factor Authorization (TFA) instructions