Versions Compared

Old Version 5

changes.mady.by.user Roman Harmata

Saved on

compared with

New Version Current

changes.mady.by.user Roman Harmata

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Introduction

TDS platform is utilising utilizing SSO solution based on Keycloak. That is usually standalone and users can use basic authentication procedure using username and password or multi factor authentication (MFA) with time based OTP token.

Enabling MFA

For specific user

MFA can be optionally enabled by user via user profile on portal or via OTP token reset from TDS SSO login page.

  • Go to User profile
  • Enable Enable Multi-factor Authentication (MFA) feature

For area/project

Following steps will enable Multi Factor authentication on area/project level. Members of area/project will be required to set up TDS MFA solution can be also enabled on area/project level ONLY by members with relevant owner role. Just to go to your portal area/project, open the detail menu item and enable "Multi Factor Authentication management" feature. This will automatically check whether all area/project members have TDS OTP tokens already created. People with already configured TDS OTP tokens do not need to do anything. If some users are still missing TDS OTP token, they will be forced to setup TDS OTP tokens during next sign-in using TDS password or AzureAD/ADFS integration unless they already use MFA in TDS. TDS OTP token is then required every time when signing in using TDS password.

  • Go to Area/Project configuration
  • Enable Enforce MFA for all area/project members feature

Customers using Some customers have AzureAD/ADFS integration as described in this link Single sign on - SSO#AzureADorADFSauthentication. Such customers only need to configure OTP token if they do not have it, but then they are NOT bothered with . They are not required to use TDS OTP token use for sign in as they already utilise utilize MFA capable SSO integration. In case when TDS password is attempted to be used, OTP is required.

OTP token reset

...

/enable

  • Go to TDS

...

  • Portal login screen
  • Click on Reset or enable OTP token for TDS Multi Factor Authentication (MFA)

...

OTP token configuration

During Following steps need to be executed during the first login with MFA enabled or after resetting your OTP token you will need to perform following steps.

  1. Make sure you have got Install time based OTP tokens capable application. We recommend to use some One of the following applications is recommended:

...

  2. Open the application and scan the QR code

...

Image Removed

...

  1. displayed
    1. Key code may be used in case of inability to scan the QR code. Click on Unable to scan?

...

    1.  to get the key.
  1. Enter the one-time code provided by the application and click submit to finish the setup.

...

Image Removed

...

  2. Optionally you can enter device name if asked, for example "My Windows work laptop".
  3. Click Submit.


Info

OTP token is always provided only once. It is either QR code or code visible under "Unable to scan?" button. In case you loose of the OTP token loss, use TDS OTP token reset functionality available on TDS SSO login page - OTPtokenresetorenable- see OTP token reset/enable section

Troubleshooting

One time code is not accepted

Possible reasons and solutions:

  • in case of device change or application/plugin change for OTP tokens
    • Solution - go back to log in screen and reset OTP token from there - see OTP token reset/enable section
  • date/time could be out of sync on the device generating one time codes
    • Solution - make sure device or application/plugin has time in sync
      • Google Authenticator - tap on hamburger menu (⋮) in the top right corner > Settings > Time correction for codes > Sync now.
  • if OTP does not work after time sync
    • Solution - go back to log in screen and reset OTP token from there - see OTP token reset/enable section