Skip to main content

Two-factor authentication for Iphone/mac users

To improve the security of your ESRF accounts, two-factor authentication has been implemented. This measure is mandatory and applies to all users.

This procedure applies to Iphone and Mac devices only. If you have an Iphone, you will also need your computer. (See this FAQ for specific issues)

Part 1: on your Iphone/Mac

It is possible to use the built-in password protection system to allow Iphone/Mac users to generate codes without having to download an app.

  • Open settings.
  • Go to Passwords, enter your password then click on the + sign as shown in the example below.

1 annoté.png          2 annoté.png

  • Type www.esrf.fr in the Website field and enter your username and passwordThen click Done.
  • Click on Set Up Verification Code...”.

2.png          3.png

  • Stay on this screen, we will return to it later in Part 2.

Part 2: on your computer

2FA0-2.png

  • Then click on “Set up authenticator application” under “Two-factor authentication”.

2FA0-3.png

 

You will see this page:

4bis.png

 

  • In the Settings app of your Iphone/Mac,
    • Select “Scan QR Code”. If you can’t scan a QR code with your device, you can select “Enter Setup Key” instead.
    • Authorize access to your camera if the app requests it.
    • Scan the QR code visible on your computer screen with your phone camera or enter the Setup Key.
    • A 6-digit code is now displayed next to “Verification code”.
  • On your computer, as shown in the screenshot above, 
    • Fill in the 6-digit code in the field One-time code”.
    • Give a name to your device in the Device name field.
    • Click on Submit.

The configuration is now complete!

From now on, when you see the page below when logging into ESRF applications, go to Settings > Passwords and look for esrf.fr. Take the code that is displayed and enter it in the field:

2FA0-6.png

FAQ

1 - How come the one-time code I enter is invalid?

Check if the time on the device where your OTP app is installed is the exact same as the one of your network (down to the minute). If it isn't, please sync it then try again.
If it is the same time, then it's possible that you took too long to follow the steps and that the "seed" expired.

In that case, delete the existing token on your device then start again from this point onward in the procedure:

Step 2: on your computer

Open Keycloak https://websso.esrf.fr/auth/realms/ESRF/account/#/

2 - I changed my phone or accidentally deleted the token and I'm not unable to log in. What can I do?

  • Click on this link: https://websso.esrf.fr/auth/realms/ESRF/account/#/
  • Click on signing in
  • Enter your username
  • Then, instead of entering your password, click on forgot password.
  • You should receive an email. Click on the link in the email.

You will be automatically redirected to a page where you can configure OTP on a new device. Please follow the procedure again to configure your new device.

3 - Why choose two-factor authentication to improve the security of ESRF accounts?

Two-factor authentication is a simple system to secure user access. If your password is stolen, your account remains inaccessible without the generated code. It can be used offline and is relatively easy to setup.

 

Any issue during the configuration?   Please call our helpdesk +33 (0)4 76 88 24 24 (Monday to Friday 8:00-12:00 and 13:00-17:00 Paris time) and tell us where in the procedure you are stuck and what is the error message that you get.