Configuring Multi-Factor Authentication
Multi-Factor Authentication (MFA) is required to access OpenScienceLab resources. Currently, we support TOTP-based authentication, with plans to add hardware key (ex. Yubikey) authentication in future updates.
Watch: Log In and Set Up MFA
Before You Begin
A TOTP-enabled MFA application is required to use OpenScienceLab resources. While the most widely utilized approach is through a smartphone application, there are also several desktop clients that provide this functionality.
| Application | Desktop Support | Android Support | iOS Support |
|---|---|---|---|
| KeePassXc | ✅ | ❌ | ❌ |
| Enpass | ✅ | ✅ | ✅ |
| Cisco Duo | ✅ | ✅ | ✅ |
| Authenticator.cc* | ✅ | ✅ | ✅ |
| Bitwarden** | ✅ | ✅ | ✅ |
| FreeOTP | ❌ | ✅ | ✅ |
| Google Authenticator | ❌ | ✅ | ✅ |
| Microsoft Authenticator | ❌ | ✅ | ✅ |
| Aegis Authenticator | ❌ | ✅ | ❌ |
* Browser based
** TOTP supported in paid version only
Setup Steps
- Log into OpenScienceLab normally. Leave the "MFA" field on the login page blank.
- Click "Configure New MFA Device" in the Navigation Bar at the top of the page.
- Configure your MFA device:
- If using a smartphone application, scan the QR code using the application's "Scan QR Code" feature.
- If using a desktop application, copy the OTP Secret into the "TOTP" field
- Enter the current MFA code generated by your application into the "Code 1" field on the "Configure New MFA Device" page.
- When the code changes, enter the new code into the "Code 2" field on the same page and click the "Check MFA Codes" button.
- If the check is successfull, navigate back to the home page by clicking "Home" in the Navigation Bar at the top of the page and continue using OpenScienceLab as normal.
Troubleshooting
- If the MFA Code check is not successful, there are two potential issues:
- One of the codes was mis-typed.
- The secret was not properly put into the MFA application.
- Test again with another two consecutive codes, and if the verification step fails again, check that the OTP Secret on the page matches the secret in your application.
- If all else fails, refresh the page. This will generate a new code, which you can then use to follow the same steps above.
For additional issues and further troubleshooting, please email uso@asf.alaska.edu