...

MFA can be enabled by user via user profile on portal or via OTP token reset from TDS SSO login page.

• Go to User profile
• Enable Enable Multi-factor Authentication (MFA) feature

For area/project

Following steps will enable Multi Factor authentication on area/project level. Members of area/project will be required to set up TDS OTP tokens during next sign-in using TDS password or AzureAD/ADFS integration unless they already use MFA in TDS. TDS OTP token is then required every time when signing in using TDS password.

• Go to Area/Project configuration
• Enable Multi Factor Authentication management featureEnforce MFA for all area/project members feature

Customers using AzureAD/ADFS integration only configure OTP token if they do not have it. They are not required to use TDS OTP token for sign in as they already utilize MFA capable SSO integration.

OTP token reset

...

/enable

• Go to TDS

...

• Portal login screen
• Click on Reset or enable OTP token for TDS Multi Factor Authentication (MFA)

OTP token configuration

Following steps need to be executed during

Image Removed

OTP token configuration

During the first login with MFA enabled or after resetting your OTP token you will need to perform following steps.

1. Make sure you have got Install time based OTP tokens capable application. We recommend to use some One of the following applications is recommended:
   • Browser extensions
     • Chrome
       • Authenticator by authenticator.cc
     • Edge
       • Authenticator: 2FA Client by mymindstorm
     • Firefox
       • Authenticator by mymindstorm
   •  Android
     • Google Authenticator
     • Microsoft Authenticator  Image AddedRecommended for Tietoevry users
     • Google Microsoft Authenticator
     • Twilio Authy 2-Factor Authentication
     • FreeOTP Authenticator
   • iOS
     • Google Authenticator
     • Microsoft Authenticator  Image AddedRecommended for Tietoevry users
     • Google Microsoft Authenticator
     • Twilio Authy by Authy Inc.
     • Authenticator by Matt Rubin
   • Windows Windows
     • WinAuth
   • Password Managers
     • Bitwarden
     • 1Password

...

1. Open the application and scan the QR code

...

Image Removed

...

1. displayed
   1. Key code may be used in case of inability to scan the QR code. Click on Unable to scan?

...

1. 1.  to get the key.

1. Enter the one-time code provided by the application and click submit to finish the setup.

...

Image Removed

...

2. Optionally you can enter device name if asked, for example "My Windows work laptop".
3. Click Submit.

Troubleshooting

One time code is not accepted

Possible reasons and solutions:

• if you have changed device in case of device change or application/plugin change for OTP tokens
  • Solution - go back to login log in screen and reset OTP token from there - OTPtokenresetorenablesee OTP token reset/enable section
• date/time could be out of sync on your the device where you are generating one time codes
  • Solution - make sure device or application/plugin has time in sync
    • Google Authenticator - tap on hamburger menu (⋮) in the top right corner > Settings > Time correction for codes > Sync now.
• even if OTP does not work after time sync
  • Solution - go back to login log in screen and reset OTP token from there - OTPtokenresetorenablesee OTP token reset/enable section