Versions Compared

Old Version 8

changes.mady.by.user Martin Kuba

Saved on

compared with

New Version 9

changes.mady.by.user Martin Kuba

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

e-INFRA CZ AAI (Authentication and Authorization Infrastructure) offers MFA (Multi-Factor Authentication) using TOTP (Time-based One-Time Passwords) or WebAuthn (Web Authentication) standards.

Users may also generate backup OTP one-time codes for regaining access in case they lose their tokens. Detailed instructions can be found hereat the page https://perunaai.atlassian.net/wiki/spaces/EINFRACZ/pages/48824321/How+to+set+up+multi-factor+authentication?atlOrigin=eyJpIjoiMmU0ODE3OGVmNTBjNGY5ZGI0OTJlMDVhN2JjMGFhOWIiLCJwIjoiYyJ9 .

Contents

Table of Contents
minLevel2
maxLevel7

...

Performing

...

MFA with a registered token

When accessing a service , which requires Multi-Factor Authentication, the e-INFRA CZ AAI will forward the request to your home organization. If you can perform MFA there, you will do so there. Otherwise, if you have registered for e-INFRA CZ AAI MFA, you will be prompted to perform MFA in the e-INFRA CZ AAI context (or will be displayed an error message if you cannot fulfil this requirement).

...

Available methods

TOTP

TOTP (Time-based One-Time Password) is a standard method for one-time code generation, defined in RFC 6238, and used by many commercial services. TOTP app has a shared secret with the server and generates time-constrained numerical codes based on that secret. The most common setting is 6 digits with validity of 30 seconds.

Expand
titleMore information ...

You may know this method by many alternative names, including “code from verification app”, “verification code”, “authentication code”, “code from authentication app”, “6 digit code from code generator”, “code from Google Authenticator” or “verification code from the Google Authenticator app”.

The advantage of this method is its versatility - you can copy the one-time code from the app in your smartphone to another app, type it on your PC or even a smart TV. The only requirement that the device you want to authenticate on needs to fulfill is the capability to enter digits.

You can use any TOTP app, for example andOTP, Aegis Authenticator, Google Authenticator, FreeOTP+. Alternatively you can use the TOTP capability of your password manager (e.g. BitWarden or LastPass Authenticator). If you already have a TOTP app installed, you do not have to install another one, you can just add e-INFRA CZ AAI.

...