Visit the Token Management web page to log in to this Token Management page.Ī list of one or more tokens should then be displayed. Tip #5: Test – and if needed, reset – your token or its PIN Tip #4: Check that, in your SSH command or in the configuration for your SSH application, you’re using the correct hostname for the cluster’s front-end/login nodes,, or for its Data Transfer Node, Tip #3: Check that, in your SSH command or in the configuration for your SSH application, you’re using your correct login name (i.e., your Linux user name) on the cluster Then enter that new password, immediately after your PIN, at the Password: prompt. If the ‘countdown clock’ indicator in the Google Authenticator app is nearing its end, signifying that the existing password is about to expire, try waiting until a new one-time password has been displayed. Tip #2: Wait to enter the one-time password until a new one has just been displayed Tip #1: Make sure you’re including the PIN as part of your passwordĪt the Password: prompt, make sure that you’re entering your token PIN, followed immediately by the 6-digit one-time password from Google Authenticator. If you’ve already set up your token but are unable to log into the cluster successfully – here’s what to try: IMPORTANT : When you access the resource remember to type the token PIN first followed the OTP from the GA app at the password prompt.įor instance, if your PIN was 9999 (hint: don’t use this example as your own PIN!), and the one time-password currently displayed by Google Authenticator was 123456, you’d enter the following at the Password: prompt: (Note: If your device does not already have a QR code reader app installed, the Google Authenticator app may first lead you through the process of installing one.) This will store the token in GA app and its now ready to generate One Time Passwords. In the Google Play store or iOS App Store on your smartphone or tablet, search for and install Google Authenticator (GA), Microsoft Authenticator, Authy and Duo.īack on your smartphone or tablet, from the menu of the Google Authenticator app, select ‘Add an account” and then “Scan a barcode”. Step #1: Download and Install Google Authenticator on a mobile device. This has a significant setup cost and in person verification if you are interested in this, please email HPCS support at for additional assistance. Lastly, it is also possible to use a YubiKey as your MFA. But if you need a desktop app, you can try to use the Authy desktop app by using the instructions in this link. There are also desktop apps, but they somewhat negate the advantage of MFA being “something you have with you”. (Note, Duo is supposed to work, but at least two users have run into time sync problem between the Duo implementation and the LBL Radius server, thus at this time, Duo is NOT recommended). There are many such apps, some of the popular ones and known to work are Google Authenticator (GA), Microsoft Authenticator, and Authy. As the name implies, you can use an OTP only once.Īll users are required to install and use an Authenticator app in their smart phones and configure it to generate OTPs. With MFA, you authenticate using your password plus a “one-time password” (OTP). MFA provides greater protection than regular passwords against phishing and other modern threats to your digital security. All users are required to use Multi-Factor Authentication (MFA) for logging into IT HPC resources such as the Lawrencium cluster and other scientific computing clusters managed by HPCS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |