diff --git a/docs/getting-started/my-account/README.md b/docs/getting-started/my-account/README.md index 6a90e94c7868..255287d1e87a 100644 --- a/docs/getting-started/my-account/README.md +++ b/docs/getting-started/my-account/README.md @@ -104,21 +104,32 @@ Press the blue **Save** button in order to confirm the password changes. ## Two-factor authentication -In order to activate the two-factor authentication for your OpenProject installation, navigate to your **My account** and choose the **Two-factor authentication** in the menu. +In order to activate the two-factor authentication for your OpenProject installation, navigate to your **My account** and choose the **Two-factor authentication** in the menu. If you have not added any device yet, this list will be empty. ![OpenProject my account two_factor authentication](openproject_my_account_two_factor_authentication.png) -In order to register a new device for two-factor authentication, click the green button to add a **new 2FA device**. +If you have already registered one or multiple 2FA devices, you will see the list of all activated 2FA devices here. You can change, which of them you prefer to have set a a default option. + +![List of all registered 2FA devices in OpenProject](openproject_my_account_2fa_overview.png) + +In order to register a new device for two-factor authentication, click the green button to add a **new 2FA device**. You will see the screen, where you will be able to see one or multiple of the following options, depending on what your system administrator has [activated for your instance](../../../system-admin-guide/authentication/two-factor-authentication/): + +- Mobile phone +- App-based authenticator +- WebAuth + +![](openproject_my_account_authentication_options.png) To receive the second factor, you can use an authentication app on your mobile phone, such as Google Authenticator or Authy. You have to enter the code that is displayed in the authentication app to your login. You can remove or approve 2FA applications by confirming your password. Note that this applies only to internally authenticated users. -### Backup codes +### Use your mobile phone -If you are unable to access your two-factor devices, you can use a backup code to regain access to your account. Use the grey button **Generate backup codes** to generate a new set of backup codes. +You can use your mobile phone as a 2FA device. The field *Identifier* will be pre-filled out, you will need to add your phone number and click the green **Continue** button. + +![Add a new mobile phone as a 2FA device in OpenProject](openproject_my_account_two_factor_authentication_mobile.png) -If you have created backup codes before, they will be invalidated and will no longer work. ### Use your app-based authenticator @@ -126,10 +137,24 @@ Register an application authenticator for use with OpenProject using the time-ba Click the grey **Register device** button to register an authentication app. Open your app and follow the instructions to add a new application. The easiest way is to scan the QR code. Otherwise, you can register the application manually by entering the displayed details. -Click the blue **Continue** button to finish the registration. +Click the green **Continue** button to finish the registration. ![openproject_my_account_authenticator_app](openproject_my_account_authenticator_app.png) +### Use the WebAuth authentication + +Use Web Authentication to register a FIDO2 device (like a YubiKey) or the secure enclave of your mobile device as a second factor. After you have chosen a name, you can click the green **Continue** button. + +![](openproject_my_account_authenticator_webauth.png) + +Your browser will prompt you to present your WebAuthn device (depending on your operational system and your browser, your options may vary). When you have done so, you are done registering the device. + +### Backup codes + +If you are unable to access your two-factor devices, you can use a backup code to regain access to your account. Use the grey button **Generate backup codes** to generate a new set of backup codes. + +If you have created backup codes before, they will be invalidated and will no longer work. + ## Access tokens To view and manage your OpenProject access tokens navigate to **My account** and choose **Access tokens** from the menu. Access tokens allow you to grant external applications access to resources in OpenProject. diff --git a/docs/getting-started/my-account/openproject_my_account_2fa_overview.png b/docs/getting-started/my-account/openproject_my_account_2fa_overview.png new file mode 100644 index 000000000000..161ca2b95701 Binary files /dev/null and b/docs/getting-started/my-account/openproject_my_account_2fa_overview.png differ diff --git a/docs/getting-started/my-account/openproject_my_account_authentication_options.png b/docs/getting-started/my-account/openproject_my_account_authentication_options.png new file mode 100644 index 000000000000..465a6eaf7303 Binary files /dev/null and b/docs/getting-started/my-account/openproject_my_account_authentication_options.png differ diff --git a/docs/getting-started/my-account/openproject_my_account_authenticator_app.png b/docs/getting-started/my-account/openproject_my_account_authenticator_app.png index 7cf7956ae9c7..f3cf1a9474d2 100644 Binary files a/docs/getting-started/my-account/openproject_my_account_authenticator_app.png and b/docs/getting-started/my-account/openproject_my_account_authenticator_app.png differ diff --git a/docs/getting-started/my-account/openproject_my_account_authenticator_webauth.png b/docs/getting-started/my-account/openproject_my_account_authenticator_webauth.png new file mode 100644 index 000000000000..e02686fb1c9c Binary files /dev/null and b/docs/getting-started/my-account/openproject_my_account_authenticator_webauth.png differ diff --git a/docs/getting-started/my-account/openproject_my_account_two_factor_authentication.png b/docs/getting-started/my-account/openproject_my_account_two_factor_authentication.png index 537f82ea278a..5a3c82644068 100644 Binary files a/docs/getting-started/my-account/openproject_my_account_two_factor_authentication.png and b/docs/getting-started/my-account/openproject_my_account_two_factor_authentication.png differ diff --git a/docs/getting-started/my-account/openproject_my_account_two_factor_authentication_mobile.png b/docs/getting-started/my-account/openproject_my_account_two_factor_authentication_mobile.png new file mode 100644 index 000000000000..2ccc05254f5c Binary files /dev/null and b/docs/getting-started/my-account/openproject_my_account_two_factor_authentication_mobile.png differ