Table of Contents

Accounts – IPPP/Fielding and MFA

You are here:
< All Topics

At the IPPP we have implemented Two Factor Authentication (2FA/MFA) utilising One Time Passwords (OTP), this is in line with University Policy. We intend to implement One Time Passwords without reducing the usability of our systems.

This page will contain guides on how to use/modify the IPPP OTP systems but is currently a project progress log.

If you’re logged into an IPPP desktop then there will be fewer requests for your One Time Password than if you are accessing IPPP resources from elsewhere (e.g. CIS Desktops, Laptop on WiFi, Home or Externally such as Cern).

Services with MFA/OTP

  • IPPP Website
  • Laptop Cloud Storage (Seafile)
  • Gitlab

Services still due for MFA/OTP

  • Jupyter Hub Test
  • Remote SSH
  • Remote X2GO

Supported Types and Apps

  • PrivacyIdea Authenticator OTP (Push & Non-Push)
  • Microsoft Authenticator OTP (non-push)
  • Google Authenticator OTP (non-push)
  • FreeOTP
  • Feitian C100 HOTP Hardware
  • Feitian C200 TOTP Hardware (CIS Supported)
  • Yubikey OTP
  • FIDO2/WebAuthn

Emergency Access

If you lose your token we will have various methods to allow legitimate access to our systems without your original token but also ensuring the systems can remain secure. The method we chose will be case by case and situational per user.

Other

We plan on implementing MFA/OTP on grid various grid systems in the future.

We plan on implementing normal password and One Time Password self service abilities for the IPPP as part of our MFA plan.

Previous Accounts – IPPP User Account
Next Remote Access – Guacmole / GUI