Introduction
TDS platform is utilizing SSO solution based on Keycloak. That is usually standalone and users can use basic authentication procedure using username and password or multi factor authentication (MFA) with time based OTP token.
Enabling MFA
For specific user
MFA can be enabled by user via user profile on portal or via OTP token reset from TDS SSO login page.
For area/project
Following steps will enable Multi Factor authentication on area/project level. Members of area/project will be required to set up TDS OTP tokens during next sign-in using TDS password or AzureAD/ADFS integration unless they already use MFA in TDS. TDS OTP token is then required every time when signing in using TDS password.
- Go to Area/Project configuration
- Enable Multi Factor Authentication management feature
Customers using AzureAD/ADFS integration only configure OTP token if they do not have it. They are not required to use TDS OTP token for sign in as they already utilize MFA capable SSO integration.
OTP token reset or enable
Go to TDS SSO login and TDS OTP token reset functionality to either reset your forgotten OTP token or to enable MFA for your account if did not have it yet:
OTP token configuration
During the first login with MFA enabled or after resetting your OTP token you will need to perform following steps.
- Make sure you have got time based OTP tokens capable application. We recommend to use some of the following applications:
- Browser extensions
- Android
- iOS
- Windows
- Password Managers
2. Open the application and scan the QR code:
Unable to scan? There is also a key code available.
3. Enter the one-time code provided by the application and click submit to finish the setup.
OTP token is always provided only once. It is either QR code or code visible under "Unable to scan?" button. In case you loose the OTP token, use TDS OTP token reset functionality available on TDS SSO login page - OTPtokenresetorenable
Troubleshooting
One time code is not accepted
Possible reasons and solutions:
- if you have changed device or application/plugin for OTP tokens
- Solution - go back to login screen and reset OTP token from there - OTPtokenresetorenable
- date/time could be out of sync on your device where you are generating one time codes
- Solution - make sure device or application/plugin has time in sync
- Google Authenticator - tap on hamburger menu (⋮) in the top right corner > Settings > Time correction for codes > Sync now.
- Solution - make sure device or application/plugin has time in sync
- even if OTP does not work after time sync
- Solution - go back to login screen and reset OTP token from there - OTPtokenresetorenable