The authentication process on MOGON provides the best possible protection against malicious intent. Here are step-by-step instructions on how to set up your phone for 2FA.
Onboarding - Next Steps:
Ask your PI to add your JGU account to an HPC project.
Two-factor authentication verifies personal usage of your MOGON account and requires you to download and install an authenticator app on your smartphone.
Please pick one of the two recommended apps below, which are checked for compatibility with our system. Other apps may not function properly and we cannot provide support if you face trouble with a different app.
A VPN is necessary to access privacyidea.zdv.uni-mainz.de. If you have not set up a VPN on your PC yet, please follow these instructions from ZDV. If you are outside the campus network and cannot use a VPN, please use the following link: 2fa.hpc.uni-mainz.de.
Have your smartphone ready with the freeOTP or PrivacyIDEA app installed.
Browse to PrivacyIdea and get ready for the login. Browser extensions such as uBlock, uMatrix and NoScript will probably prevent the website from functioning properly.
This website is only accessible within the campus network. You can reach it from outside via VPN or with a remote desktop session. Users outside of the campus network who cannot use a VPN can instead go to 2fa.hpc.uni-mainz.de. This link resolves to the same page.
For the login you need your username and the one-time registration key. The one-time registration key serves as a password for the login to PrivacyIdea and is sent to you by e-mail after your account has been added to an HPC project.
After successful login, click Token ausrollen in the menu on the left side.
On the page Token ausrollen select TOTP: Zeitbasiertes Einmalpasswort as token. Do not change OTP-Länge and Zeitschritt. Fill in the field Beschreibung and click on Token ausrollen at the bottom of the page.
Scan the QR-Code on your screen with the 2FA app of your choice on your smartphone.
Do not share the QR-Code with anyone. Employees of the HPC Group will never ask you for your QR-Code or other login credentials.
Do not scan the QR-Code shown above!
The newly created token is initially deactivated and must be activated by an HPC-Admin.
Inform the HPC-Admin of the successful creation of the token so that it can be activated. As soon as the token has been activated by the HPC-Admin, you can see the status on the Alle Token page.
Done. You should be able to use the 2FA app of your choice to create new TOTPs as necessary for login to MOGON.
Migrating privacyIDEA to a new smartphone requires that your old one is still functional and you can log in to MOGON with it, and that your new smartphone is already set up and functional.
Passwort: Current token value (on the old smartphone).
After successful login, you should see the token overview. Now click the serial number of the token you want to delete to access the token's detailed overview page. In this example the serial number is TOTP01234567.
You can now delete the token permanently by clicking on the Delete|Löschen button.
After you have deleted the token, you will be redirected to the overview, where the token should have disappeared. Now click on Enroll Token|Token ausrollen to enroll a new token.
On the next page just fill in the field Description|Beschreibung and click on the Enroll new Token|Token ausrollen button at the bottom of the page.
Now scan the displayed QR-Code on the next page with the 2FA app on your new smartphone.
The newly created token is initially deactivated and must be activated by an HPC admin. Please contact the HPC Group and ask for the token to be activated. Always specify the serial number of the token when contacting us for activation.
iPhone backup
If you use an iPhone, you can restore your TOTPs by setting up your new smartphone from an encrypted local backup on your computer.