Setting up authentication
Beginning of work
You are on the login page for your information system
Enter your username and, if necessary, password.
You will see a prompt to configure authentication methods. You must configure at least one multi-factor authentication method. Additional methods can be added later.
You will be shown the authentication methods approved by your administrator. Choose any one that suits you and proceed to setup.
When setting up and logging in, please be aware that your administrator will set a maximum time within which you must do so. By default it is 20 minutes.
Mobile application Multifactor
To set up authentication through the Mobile application, click "Add account" in the "Mobile application" section.
The service will generate a QR code for you, which you will need to scan using the Multifactor application for platforms iOS or Android, or open a special link on your phone with the Multifactor application installed.
In the application, click on the add a new account button (+ button), allow the application to access the camera (if prompted) and scan the QR code.
Setting up a secure lock screen
The Multifactor mobile application requires the use of a secure lock screen on your device in order to function correctly. If blocking is disabled on the device using one of the secure methods, the Multifactor application will display an error when launched:
To continue, make the following settings:
- Android
- Go to "Settings" -> "Lock screen" -> "Screen lock type";
- Configure one of the following lock types:
- drawing (graphic key);
- PIN code;
- password;
- biometric data (face or fingerprints).
The Multifactor Android app does not work with insecure screen lock types (such as "Swipe").
- iOS
- Go to "Settings" -> "Face ID and passcode";
- Configure one of the following lock types:
- password code;
- Face ID (or Touch ID, depending on the device)
If you use this method, turn on the "Unlock iPhone" switch.
The Multifactor app for iOS does not work with insecure screen lock types. For example, a simple auto-lock screen (in the "Settings" -> "Display and Brightness" section) in the absence of a passcode.
Telegram
To set up authentication via Telegram, click “Add name” in the appropriate section.
We will show you a page with a link to download the Telegram application and a QR code to add a bot that will authenticate you.
If you use the mobile version of the messenger, scan the QR code on the page with your phone. Open the scanned link in Telegram, by copying it or using the application selection to open the link.
If you are using the computer version of Telegram, copy the link from the text “this link” by right-clicking and selecting “Copy link address”. Send the link to your bookmarks in the messenger and follow it.
You will see a window for interacting with the bot @MultifactorBot. Click "Start" to register your Telegram account as a method for two-factor authentication.
The bot ID is @MultifactorBot. The bot is available at https://t.me/MultifactorBot.
After successfully registering this authentication method, the bot will notify you in a message.
You can return to the add authentication methods page and make sure that your Telegram account is now used as an additional authentication method.
Biometrics and U2F
To set up authentication using biometric sensors or U2F tokens and click "Add Biometrical" in the "U2F and Biometrics" section.
The system will prompt you to select one of the U2F authentication factors, including biometric sensors, if available.
Follow the on-screen instructions and you'll add one of the most convenient additional authentication options.
Google Authenticator/Ya.Key
To set up authentication using Google Authenticator/Ya.Klyucha or any other software token, click "Add Google" in the Google Authenticator section.
The service will generate a QR code for you, which will need to be scanned using Google Authenticator/Ya.Klyucha or any other application for generating one-time codes.
In the application, click on the button to add a new software token, allow it access to the camera if necessary, and scan the QR code.
After this, a new one-time access code generator will be added to the application.
Enter the OTP you see in the app on the Add Authenticator page to complete the authentication setup process.
OTP token
To set up multi-factor access using an OTP token, click "Add a new OTP token".
Along with the OTP token, you were provided with its key. Enter it in the first field. Then place your cursor in the second field and activate your token.
HOTP Token JaCarta
Download the application JaCarta Unified Client, open it, go to the OTP settings and initialize the slot .
! Note
To bind, you must initialize the new slot directly. If there is an old slot, it must be cleared and reinitialized. This is necessary to synchronize the counters (the “Counter value” item should be 0).
When initializing a slot, set the slot parameters:
- Slot type: One-time password
- Slot name: arbitrary
- Algorithm: select from the list a 6-character code and the SHA1 or SHA256 algorithm.
- Counter value: 0
! Note
Currently Multifactor only supports 6 characters, unlike JaCarta which supports 6-8 characters.
At the end of the setup, save the data from the initiated slot to a file and open the file in a text editor, find the sccKey parameter.
Copy the found sccKey to the Multifactor OTP device binding form.
Click the button specified in the initialized slot to bind the device.
!Note
To log in later, just click the button on JaCarta and press Enter.
Rutoken
Install the “Rutoken OTP Initialization Utility” application on your Android phone. The app is also available for Windows, but in this case you will need a separate NFC reader.
In the “OTP tokens and applications” section, click Add OTP.
Using the Rutoken OTP Initialization Utility application, scan the QR code that appears.
The application calculates the secret key, which then needs to be written to the OTP token.
Enable NFC on your phone and hold the OTP token close to your phone. Wait for vibration and click “Connect OTPCard”. If the connection is successful, you will see the message “Connected successfully”
! Note Do not disconnect the token from the phone to avoid losing the connection. Click “BurnSeed” and wait for the message that the secret key was successfully written to the token.
Disable the OTP token and re-enable it. Enter the one-time code that appears in the field and wait until the device is registered in the Multifactor system.
After successful pairing, the device will be displayed in the “OTP tokens and applications” section. It will also be available for selection when authenticating on a protected resource.
SMS
To set up authentication using SMS, click "Add number" in the SMS section.
In the window that opens, enter your number in the format +71234567890.
Enter the one-time code from the received SMS.
Adding additional methods
In future work, you can add additional authentication methods. To do this, during the authorization process on your portal, click on the three dots in the upper right corner of the form, select “Authentication Methods”, and go through two-factor authentication. After this, you will be able to add additional methods.
