Skip to content

Two-factor authorisation (2FA)/OTP tutorial video

Two-factor authorization (2FA)

In order to increase security, logging into ICM systems requires two-factor authentication (2FA).

  • The first component consists of the traditional login and password pair.
  • The second component is OTP One Time Password, i.e. a one-time code, individual for each user, generated using a special application.

You will be asked for OTP during login to the following services:

  • Computational server hpc.icm.edu.pl
  • Resource Allocation System https://granty.icm.edu.pl/

The same token is valid for both of them. The system will expect the OTP even if you have not register the token so far.

Applications to handle TOTP tokens

Smartphone

In order to obtain the code, it is necessary to install an application that supports the TOTP (Time-based One-time Password) token mechanism, e.g. FreeOTP, Authy or GoogleAuthenicator on your phone. The applications are available in either GooglePlay or AppStore, the are free and do not require internet access (they work offline).

The use of the phone application is preferred because:

  • it is easier to handle
  • another device is an additional safety factor

If this is not possible, you may install the application on your computer. Details below.

PC

TOTP token can be registered on your PC with a GUI application, like https://keepassxc.org/

Generate and register the TOTP token

In order to register the real token, please log in with your data to https://mfa.hpc.icm.edu.pl and generate the token without changing the default settings (enroll token). A QR code will appear, which should be scanned into the application.

Warning

Each ICM user can have only one token registered. After removing the token from the application on the phone, it cannot be recovered (only reset by the administrator).

Below, the default settings are listed:

and the generated token 20TOTP05228F43:

Dummy OTP token

If you do not feel confident you can play with a dummy token. You can not login with it, but your application shall be able to import it. Once the real token is lost, it can not be regenerated without 'admin help'.

When you start up the app you should see a "+" at the top of the screen. Pressing it should start the camera, point it at the following QR code:

Text being hidden behind the QR is: otpauth://totp/apptest%20TOTP05228F43?secret=4ZRWWHXXCFF76CJJQNEWQDWVQDPORP3F&period=30&digits=6&issuer=ICM-HPC

The application shall automaticaly install a dummy account entry called apptest 20TOTP05228F43, displaying a six-digit number that changes every 30s.

Alternatively to scanning the QR code, you can enter the test-secret manually: 4ZRWWHXXCFF76CJJQNEWQDWVQDPORP3F.

You can delete the test account once you have got to the stage that it is generating the six-digit TOTP.

Ta strona używa plików cookies.
Polityka Prywatności    AKCEPTUJĘ