Document 2FA #161

UPPMAX · Dec 20, 2024 · 975d239 · 975d239
1 parent 7605269
commit 975d239
Show file tree

Hide file tree

Showing 8 changed files with 96 additions and 4 deletions.
diff --git a/docs/getting_started/get_uppmax_2fa.md b/docs/getting_started/get_uppmax_2fa.md
@@ -31,7 +31,7 @@ Some of the points in the list below are link you can click on for more detailed
 ### 1. Select an app to use
 
 Select an app to use.
-See [here](https://www.uu.se/en/centre/uppmax/get-started/2-factor/app-selection)
+See [here](../software/2fa_apps.md)
 for an overview.
 
 ### 2. Go to https://suprintegration.uppmax.uu.se/bootstrapotp/
@@ -50,7 +50,7 @@ Click on 'Continue'.
 ### 3. You will be sent to SUPR
 
 You should be sent to
-[SUPR](https://www.uu.se/en/centre/uppmax/get-started/2-factor/supr).
+[SUPR](../getting_started/supr.md).
 
 In case you are not logged in already, log in to SUPR.
 
@@ -65,16 +65,22 @@ Scan the QR-code with a second factor authentication app of your choice
 in your smart phone. For example "Google Authenticator" by Google
 or "Authy" by Authy Inc.
 
-More details [here](https://www.uu.se/en/centre/uppmax/get-started/2-factor/qr).
+More details [here](get_uppmax_2fa_qr.md).
 
 ### 6. Enter the code on the webpage
 
 Your application will show you a code, enter this code on the same webpage.
 
+More details [here](get_uppmax_2fa_qr_code.md).
+
 ### 7. See acknowledgement that the new two factor has been registered.
 
 You should see an acknowledgement that the new two factor has been registered.
 
+???- question "How does that look like?"
+
+    ![The final page](./img/get_uppmax_2fa_qr_code.png)
+
 ### 8. Wait for a confirmation email
 
 It will take some time before your second factor is imported to our systems.
@@ -87,7 +93,8 @@ by giving the current code from the app when asked for.
 
 Advanced usage and alternative setups (without smart devices).
 
-Once your token has been activated you can use the temporary code generated by your application to login.
+Once your token has been activated you can use the temporary code generated by
+your application to login.
 
 After this procedure, it takes around 15 minutes before you can use
 the 2FA to log in.

diff --git a/docs/getting_started/get_uppmax_2fa_qr.md b/docs/getting_started/get_uppmax_2fa_qr.md
@@ -0,0 +1,24 @@
+---
+tags:
+  - 2FA
+  - MFA
+  - UPPMAX
+  - QR
+---
+
+# Setting up the QR code for two factor authentication for UPPMAX 
+
+Part of [setting up two factor authentication for UPPMAX](get_uppmax_2fa.md)
+is to get a QR code.
+
+![Getting an UPPMAX 2FA QR code](./img/get_uppmax_2fa_qr.png)
+
+You need to scan this QR code to add your account to your software. Most softwares call this "Add account" or similar and will offer an option to scan a QR code using the smartphone camera or select an area of the screen where the code is.
+
+Note that this must often be done from within the app for two factor authentication. If you see a string similar to
+
+otpauth://totp/username@UPPMAX?secret=SOMETEXT&issuer=UPPMAX
+
+it didn't work and you probably need to do something different (such as starting the app and select scan from within).
+
+Once you've scanned the code, you are often allowed to change the name the software will use for the account before you add it. You can change the name if you want - changing the name does not affect the codes generated. Finish adding the account to the software.
diff --git a/docs/getting_started/get_uppmax_2fa_qr_code.md b/docs/getting_started/get_uppmax_2fa_qr_code.md
@@ -0,0 +1,25 @@
+---
+tags:
+  - 2FA
+  - MFA
+  - UPPMAX
+  - QR
+  - code
+---
+
+# Setting up the QR code for two factor authentication for UPPMAX 
+
+Once you have the new account, you should get one time codes for it when you
+have it selected.
+To finish the registration at UPPMAX, you need to enter the code
+that is displayed in the field where it says "Code:" and submit.
+The codes will change over time, don't worry about this,
+you just need to use whatever code is current.
+
+Once you have entered and submitted the current code,
+you should see a final page:
+
+![The final page](./img/get_uppmax_2fa_qr_code.png)
+
+When you see that page, it will take a little while and the token will
+be activated (you should also receive an e-mail about the new token).
diff --git a/docs/getting_started/img/get_uppmax_2fa_qr.png b/docs/getting_started/img/get_uppmax_2fa_qr.png
diff --git a/docs/getting_started/img/get_uppmax_2fa_qr_code.png b/docs/getting_started/img/get_uppmax_2fa_qr_code.png
diff --git a/docs/getting_started/img/supr_request_2fa.png b/docs/getting_started/img/supr_request_2fa.png
diff --git a/docs/getting_started/supr.md b/docs/getting_started/supr.md
@@ -5,6 +5,19 @@ tags:
 
 # SUPR
 
+Go to [https://suprintegration.uppmax.uu.se/bootstrapotp/](https://suprintegration.uppmax.uu.se/bootstrapotp/)
+to initiate the token
+creation. This should take you to a landing page with some initial
+information and let you know that you will be sent to SUPR to log in.
+
+???- question "How does that look like?"
+
+    ![SUPR request 2FA](./img/supr_request_2fa.png)
+
+Once you click "Continue", you'll be sent to SUPR where you should log in.
+Once you've done so SUPR will let you know that you will be sent back
+and the identity you are logged in with.
+
 ???- info "For staff only"
 
     [SUPR API documentation](https://sonc.swegrid.se/wiki/SUPR/API),

diff --git a/docs/software/2fa_apps.md b/docs/software/2fa_apps.md
@@ -0,0 +1,23 @@
+---
+tags:
+  - 2FA
+  - MFA
+  - app
+  - program
+---
+
+# 2FA apps
+
+Assuming you use a smart phone, there are quite a number of good apps for
+handling twofactor authentication.
+
+A simple one that is easy to get going with is Google Authenticator.
+It's available for Android and iOS.
+
+Authy is another alternative that features cloud storage and sync between
+devices but needs some initial setup.
+Available for Android, iOS and as a Chrome App for computers.
+
+Password handlers and security solutions also often feature two factor
+handling, e.g. Lastpass and Duo Mobile.
+