Skip to main content

Setting up authentication

Beginning of work

You are on the login page for your information system

Start authorization

Enter your username and, if necessary, password.

Enter login and password

You will see a prompt to configure authentication methods. You must configure at least one multi-factor authentication method. Additional methods can be added later.

Welcome multifactor setup window

You will be shown the authentication methods approved by your administrator. Choose any one that suits you and proceed to setup.

Available multi-factor authentication methods

When setting up and logging in, please be aware that your administrator will set a maximum time within which you must do so. By default it is 20 minutes.

Mobile application Multifactor

To set up authentication through the Mobile application, click "Add account" in the "Mobile application" section.

Available multi-factor authentication methods

The service will generate a QR code for you, which you will need to scan using the Multifactor application for platforms iOS or Android, or open a special link on your phone with the Multifactor application installed.

Start registration in the Multifactor application

In the application, click on the add a new account button (+ button), allow the application to access the camera (if prompted) and scan the QR code.

Adding an account to the Multifactor application

Setting up a secure lock screen

The Multifactor mobile application requires the use of a secure lock screen on your device in order to function correctly. If blocking is disabled on the device using one of the secure methods, the Multifactor application will display an error when launched:

Error that there is no secure lock screen

To continue, make the following settings:

  1. Android
    1. Go to "Settings" -> "Lock screen" -> "Screen lock type";
    2. Configure one of the following lock types:
      • drawing (graphic key);
      • PIN code;
      • password;
      • biometric data (face or fingerprints).
Setting up a secure lock screen in Android
Please note

The Multifactor Android app does not work with insecure screen lock types (such as "Swipe").

  1. iOS
    1. Go to "Settings" -> "Face ID and passcode";
    2. Configure one of the following lock types:
      • password code;
      • Face ID (or Touch ID, depending on the device)
        If you use this method, turn on the "Unlock iPhone" switch.
Setting up a secure lock screen in iOS
Please note

The Multifactor app for iOS does not work with insecure screen lock types. For example, a simple auto-lock screen (in the "Settings" -> "Display and Brightness" section) in the absence of a passcode.

Telegram

To set up authentication via Telegram, click “Add name” in the appropriate section.

Available multi-factor authentication methods

We will show you a page with a link to download the Telegram application and a QR code to add a bot that will authenticate you.

Adding a name to Telegram

If you use the mobile version of the messenger, scan the QR code on the page with your phone. Open the scanned link in Telegram, by copying it or using the application selection to open the link.

If you are using the computer version of Telegram, copy the link from the text “this link” by right-clicking and selecting “Copy link address”. Send the link to your bookmarks in the messenger and follow it.

You will see a window for interacting with the bot @MultifactorBot. Click "Start" to register your Telegram account as a method for two-factor authentication.

Please note

The bot ID is @MultifactorBot. The bot is available at https://t.me/MultifactorBot.

Start registration in the Telegram bot for multi-factor authentication

After successfully registering this authentication method, the bot will notify you in a message.

Registration in the Telegram bot for multi-factor authentication is completed

You can return to the add authentication methods page and make sure that your Telegram account is now used as an additional authentication method.

Registration in the Telegram bot for multi-factor authentication is completed, return to the page for adding authentication methods

Biometrics and U2F

To set up authentication using biometric sensors or U2F tokens and click "Add Biometrical" in the "U2F and Biometrics" section.

Available multi-factor authentication methods

The system will prompt you to select one of the U2F authentication factors, including biometric sensors, if available.

Adding U2F authentication

Follow the on-screen instructions and you'll add one of the most convenient additional authentication options.

U2F authentication added

Google Authenticator/Ya.Key

To set up authentication using Google Authenticator/Ya.Klyucha or any other software token, click "Add Google" in the Google Authenticator section.

Available multi-factor authentication methods

The service will generate a QR code for you, which will need to be scanned using Google Authenticator/Ya.Klyucha or any other application for generating one-time codes.

Adding a software token

In the application, click on the button to add a new software token, allow it access to the camera if necessary, and scan the QR code.

Scanning the QR code of the software token

After this, a new one-time access code generator will be added to the application.

Software token initialized successfully

Enter the OTP you see in the app on the Add Authenticator page to complete the authentication setup process.

Entering one-time software token code

OTP token

To set up multi-factor access using an OTP token, click "Add a new OTP token".

Available multi-factor authentication methods

Along with the OTP token, you were provided with its key. Enter it in the first field. Then place your cursor in the second field and activate your token.

Adding OTP token

HOTP Token JaCarta

Download the application JaCarta Unified Client, open it, go to the OTP settings and initialize the slot .

! Note

To bind, you must initialize the new slot directly. If there is an old slot, it must be cleared and reinitialized. This is necessary to synchronize the counters (the “Counter value” item should be 0).

Application operations

When initializing a slot, set the slot parameters:

  • Slot type: One-time password
  • Slot name: arbitrary
  • Algorithm: select from the list a 6-character code and the SHA1 or SHA256 algorithm.
  • Counter value: 0

! Note

Currently Multifactor only supports 6 characters, unlike JaCarta which supports 6-8 characters.

Slot initialization parameters

At the end of the setup, save the data from the initiated slot to a file and open the file in a text editor, find the sccKey parameter.

sccKey

Copy the found sccKey to the Multifactor OTP device binding form.

Binding

Click the button specified in the initialized slot to bind the device.

!Note

To log in later, just click the button on JaCarta and press Enter.

Rutoken

Install the “Rutoken OTP Initialization Utility” application on your Android phone. The app is also available for Windows, but in this case you will need a separate NFC reader.

In the “OTP tokens and applications” section, click Add OTP.

Using the Rutoken OTP Initialization Utility application, scan the QR code that appears.

Initialization utility

The application calculates the secret key, which then needs to be written to the OTP token.

initialization

Enable NFC on your phone and hold the OTP token close to your phone. Wait for vibration and click “Connect OTPCard”. If the connection is successful, you will see the message “Connected successfully”

! Note Do not disconnect the token from the phone to avoid losing the connection. Click “BurnSeed” and wait for the message that the secret key was successfully written to the token.

Connect

Disable the OTP token and re-enable it. Enter the one-time code that appears in the field and wait until the device is registered in the Multifactor system.

slot initialization

After successful pairing, the device will be displayed in the “OTP tokens and applications” section. It will also be available for selection when authenticating on a protected resource.

binding

SMS

To set up authentication using SMS, click "Add number" in the SMS section.

Available multi-factor authentication methods

In the window that opens, enter your number in the format +71234567890.

Two-factor login confirmation via SMS

Enter the one-time code from the received SMS.

Adding additional methods

In future work, you can add additional authentication methods. To do this, during the authorization process on your portal, click on the three dots in the upper right corner of the form, select “Authentication Methods”, and go through two-factor authentication. After this, you will be able to add additional methods.

Adding additional authentication methods