Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| en:services:general_services:customer_portal:two_factor_authentication [2023/03/17 21:48] – [#1 Activation] 0swong | en:services:general_services:customer_portal:two_factor_authentication [2024/02/19 16:18] (current) – removed swong | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Two-Factor Authentication ====== | ||
| - | The Customer Portal provides the ability to enable a secure two-factor authentication. Each protected area can be individually selected by the user. | ||
| - | |||
| - | =====What is that?===== | ||
| - | |||
| - | To proof the identity of a user, a combination of the user name or e-mail address and password is used in general. With the two-factor authentication (2FA) a second component is added. This component should be as independent as possible from the first one and increase the certainty that the current action is performed by the corresponding user. | ||
| - | |||
| - | ====Manage Second Factor for Authentication in the Account Portal==== | ||
| - | |||
| - | The administration of second factors is possible in the customer portal. You have the option of registering SMS tokens, TOTP tokens or PUSH tokens. With the SMS Token, you receive a code to your verified telephone number. You enter this code manually in addition to your account password. With the TOTP token, you connect an authenticator app on your smartphone to your account by entering a CR code. This app generates a time-based code that you enter each time you log in, in addition to your password. With the PUSH token, you connect the privacyIDEA Authenticator app on your smartphone to your account using a QR code. Each time you log in to your account, you can conveniently confirm your identity by pressing a button in the app. | ||
| - | ====Data Protection==== | ||
| - | |||
| - | To generate the code two components are required. In addition to the QR Code transferred token, the current system time (in the case of the phone) is needed. A data connection to an external service is not necessary - the generation can thus also be carried out with activated " | ||
| - | |||
| - | The transmission of the user name associated with the domain " | ||
| - | =====Prerequisites for TOTP and PUSH Token===== | ||
| - | |||
| - | To use this feature, a mobile phone with a modern operating system and access to the corresponding App Store (or Play Store) is required, e.g.: | ||
| - | |||
| - | * Apple iOS | ||
| - | * Google Android | ||
| - | * Windows Phone | ||
| - | |||
| - | Various developers offers apps to generate a token, the most common apps are from Google and Microsoft: | ||
| - | |||
| - | * Google Authenticator ([[https:// | ||
| - | * Google Authenticator ([[https:// | ||
| - | * Microsoft Authenticator ([[https:// | ||
| - | * privacyIdea Authenticator App ([[https:// | ||
| - | To use the PUSH token, the privacyIdea Authenticator App is absolutely necessary. For TOTP it is also possible to use all other common Authenticator Apps. | ||
| - | =====Installation===== | ||
| - | |||
| - | Once an Authenticator app is installed on the personal mobile phone, the two-factor authentication can be enabled in the security section of Customer Portal (https:// | ||
| - | |||
| - | ====#1 Activation==== | ||
| - | |||
| - | ====#1 Aktivierung==== | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Wählen Sie zur Aktivierung //MEIN KONTO ABSICHERN// | ||
| - | |||
| - | Tragen Sie ein Beschreibung Ihres Gerätes ein, zB Gerätenamen oder Smartphone Modell. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Nach erfolgter Generierung des notwendigen Tokens wird dieses als QR-Code angezeigt. Dieser muss mit der Authenticator App gescannt werden. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Ist dies geschehen, muss " | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Um diesen Token auch zu aktivieren, muss ein von der App generierter Code eingegeben werden, dieser ist für gewöhnlich 6 Zeichen lang und nur 30 Sekunden lang gültig. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Zur Bestätigung der Identität ist eine weitere Eingabe eines gültigen 6-stelligen Codes nötig, die von der App generiert wird. | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Nach erfolgreicher Registrierung des ersten Tokens wird eine Datei automatisch heruntergeladen, | ||
| - | |||
| - | {{: | ||
| - | |||
| - | Auf der Übersichtsseite sollten nun alle registrierten Tokens aufgelistet sein. Mithilfe des Papierkorbs neben dem Token, kann dieser gelöscht werden. Dies ist allerdings auch nur möglich nach Eingabe eines gültigen Tokens. | ||
| - | |||
| - | ====#2 Installation==== | ||
| - | |||
| - | The installed Authenticator app usually supports the automatic detection of a QR code, a manual input of the token is not necessary. | ||
| - | |||
| - | {{ : | ||
| - | |||
| - | After setting the QR code, the current token is automatically displayed. | ||
| - | |||
| - | {{ : | ||
| - | |||
| - | The code is generated from a combination of the token with the current time and is valid for 30 seconds. | ||
| - | |||
| - | ====#3 Usage==== | ||
| - | |||
| - | Once activated, the Customer Portal is querying the code for each password change. A dialog box is displayed to enter the code. | ||
| - | |||
| - | {{ : | ||
| - | |||
| - | ====#4 Deactivation==== | ||
| - | |||
| - | The two-factor authentication can be disabled at any time. For this purpose, the input of a code is also necessary. If a generation of the code is not possible, the recovery code, displayed during activation, can be used. | ||
| - | |||
| - | {{ : | ||