@@ -47,7 +47,22 @@ The procedure is documented below for some popular choices:
...
@@ -47,7 +47,22 @@ The procedure is documented below for some popular choices:
-[OpenSSH](#generating-a-key-pair-with-openssh) - a popular choice on GNU/Linux, macOS, and other Unix-like operating systems
-[OpenSSH](#generating-a-key-pair-with-openssh) - a popular choice on GNU/Linux, macOS, and other Unix-like operating systems
-[PuTTY](#generating-a-key-pair-with-putty) - a popular choice on Windows
-[PuTTY](#generating-a-key-pair-with-putty) - a popular choice on Windows
Multi-Factor Authentication (MFA) is available through JuDoor, but at this time is opt-in.
:::info[Multi-Factor Authentication]
JuDoor offers users the option to enable Multi-Factor Authentication (MFA), which adds an extra layer of security to your account. With MFA enabled, you'll be required to provide a secondary factor of authentication in addition to your password. For example, when logging in to JSC services, you'll be prompted to enter a time-based one-time password (TOTP) as the second factor. In addition, JuDoor allows users to enable MFA for SSH login. Once enabled, when accessing the ssh service on the login hosts of the JSC system, users will be prompted to enter a 6-digit token after successfully authenticating using the ssh public key.
To enable MFA in JuDoor please navigate to the "Account Security" page by clicking the fingerprint icon in the navigation bar or using the account dropdown menu. There you see a list of your accounts. You can start the setup process using the "Start MFA Setup" button. On this page you can find our recommendations for TOTP Apps to use, but any other TOTP App should probably work just as well. You will need to install a compatible App, scan the QR-Code with the App to add the account, and then insert into the form both your current password and the code the App generates. After pressing "Continue" you will be presented with 10 reset codes. These can be used to disable MFA again in case you lose access to your second factor. You should save these at a secure location or print them.MFA will be enabled for your account only after you have confirmed that you have saved these reset codes. MFA is now enabled. The Fingerprint Icon in the Navigation bar now shows your MFA authentication state. Because you have just entered a valid code, you are MFA authenticated and can continue to use JuDoor as normal. The MFA authentication expires after 24 hours or if you open JuDoor from a different browser/device or clear your cookies.
The following actions are secured by MFA in JuDoor and therefore a valid token is needed:
* Joining a project
* Adding an SSH Key
* Removing an SSH Key
* Changing someone’s access in a project if you are a PI or PA
Actions that require TOTP are marked with a fingerprint icon.
Currently, MFA is an opt-in feature (can be activated on demand). However, at some point in the future, it will become an opt-out feature (activated by default but can be deactivated if desired).
