Setting Up Two-Factor Authentication

Prerequisites

Please make sure you have a suitable device with a working camera and then install the free Google Authenticator or Authy app, or another app that implements the TOTP (Time-based One Time Password) algorithm.

Connecting to the HPCs requires two-factor authentication (2FA) at all times, i.e. your password (the first factor), and an additional factor (the second factor).
These additional factors can be:

  • A Time-based One Time Password provided by an external generator (e.g., via Google Authenticator on your smartphone);
  • Connecting from the NIWA Network or via a NIWA VPN session.

Linking a device to your account

The next step can only be done once.

WARNING: The QR code shown in later steps is a one-time password and cannot be regenerated or displayed again. If you do not capture the QR code, or lose the device storing the code (also called a token), you will be unable to access your account and will need to contact support@nesi.org.nz to have your token deleted so another can be generated for your account.

  1. Again, log into My NeSI via your browser and click on Accounts or refresh the page and you will see an option to "Link your mobile device"
  2. Click the "Link your mobile device" button. This button will start the process to prepare your second-factor token so that you can log in to our lander node from outside of the NIWA network. After clicking on "Link your mobile device" you will be prompted for the password which you have just set and instructed to prepare your mobile device before proceeding.
  3. Open your Google Authenticator app and click on the add button and select "Scan a barcode".
  4. On the My NeSI page click "Continue" and point your camera at the QR code displayed on the screen to scan your QR code and it will be added to your phone.

The second-factor token

The 6 digit code displayed on your app can now be used as the second factor in the authentication process. 
This code rotates every 30 seconds, and it can only be used once. This means that you can only login to the lander node once every 30 seconds.

Note: You need to be an authorised member of an active project team to log in after you complete this step. If you believe you are an authorised project team member and and you are not able to log in using your credentials, please send a message to support@nesi.org.nz. In your message, please tell us your (linux) username, the project code for the NeSI project you think you belong to, and the name of the Project Owner for that NeSI Project.

You should now be able to proceed with logging in to the platforms.

 

Labels: 2fa access mfa token
Was this article helpful?
0 out of 1 found this helpful