Two-factor authentication other procedures

You can also use:

•     a web browser plug-in (use this if you don't have a smartphone)
•     or a hardware device (e.g. Yubikey).

I want to configure OTP on my computer web browser

You can install the Authenticator plug-in on the web browser of your computer. Note that only computers where this has been configured can be used to access ESRF applications.

• Click on the link next to your browser of choice:
  • For Firefox:  https://addons.mozilla.org/en-US/firefox/addon/auth-helper/
  • For Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/authenticator-2fa-client/ocglkepbibnalbgmbachknglpdipeoio
  • For Google Chrome: https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai
• Install the plug-in as shown in the example below (for Firefox)
• Click on “Add to Firefox”.

• Click on “Add”. The plug-in is now installed and its icon appears next to the download icon in the top right-hand corner of Firefox.

• Open Keycloak https://websso.esrf.fr/auth/realms/ESRF/account/#/
• Click on “Signing in” under “Account security”.

• Click on “Set up authenticator application” under “Two-factor authentication”.

Another screen for 2-factor authentication will appear:

• Click on the Authenticator icon (1) at the top right-hand corner of Firefox.
• Click on the scan QR Code icon (2) and click on allow in the pop-up.

  

• Click and hold the left mouse button over the QR code to scan it.
• Click the Authenticator icon (1) again. It will display a code. Click on the code to copy it.
• Fill in this code in the field “One-time code”.
• Choose a name for your computer in the “Device name” field as indicated in the screenshot above.
• Click on “Submit”.

The configuration is now complete.

From now on, when you see the page below when logging into ESRF applications, open the plug-in, copy the code, and enter it in the field:

 

I have a hardware security key (e.g. Yubikey)

This procedure takes a Yubikey security key as an example, steps can vary depending on the model.

If you have a security key (e.g. Yubikey), you can use it instead of your smartphone or browser (if you have already configured OTP).

• Open Keycloak https://websso.esrf.fr/auth/realms/ESRF/account/#/
• Click on “Signing in” under “Account security”.

• Then click on “Set up Security Key” under “Passwordless”

You will land on this page:

• Click on “Register” (1). A pop-up window will appear. It might be in the background
• Click on its icon (2) in the taskbar to bring it in the foreground, then click on OK
• A new pop-up window will appear (it can appear in the background again) asking you to insert your security key. Please do so.
• If your key is new, choose a PIN code for this security key and click OK. Please avoid using your date of birth as PIN code.

 

• Touch the button of your security key as in the example below.

 

• Choose a name for your device in the field and click OK

The configuration is now complete.

From now on, when you see the page below when logging into ESRF applications, click on “Sign in with Security Key”.

Plug in your key (if it isn’t already in) and enter your PIN code when you see this page:

Touch your security key again to complete the connection.

Any issue during the configuration?  Call our helpdesk +33 (0)4 76 88 24 24 (Monday to Friday 8:00-12:00 and 13:00-17:00 Paris time) and tell us where in the procedure you are stuck and what is the error message that you get.