How to manage TOTP authentication on CREODIAS

To use your CREODIAS account, you need to set a password and an additional authentication factor. For the latter, the TOTP algorithm is used. In this article you will learn how to manage your TOTP configuration.

Important

The TOTP management described in this article works only if you have access to your CREODIAS account. If you, for instance, lose your phone and do not have your secret key backed up, you will need to contact support. To learn how to do that, see Helpdesk and Support.

What Are We Going To Cover

  • Important information about TOTP

  • Entering the TOTP management console

  • Removing the TOTP secret key

  • Adding a new TOTP secret key

  • Contacting customer support

Prerequisites

No. 1 Account

You need a CREODIAS account: https://horizon.cloudferro.com

No. 2 2FA set on your account

During account initialization, you will be prompted to configure 2FA TOTP software. You can, for instance, use one of the following articles for that purpose:

TOTP - important information

The 2FA algorithm used on CREODIAS involves generating a 6-digit TOTP code every 30 seconds using the secret key known both to the software used by the user and to the authentication server. That code is valid until some time after a new code has been generated. During this generation, no data needs to be transferred between the authentication server and the software used by the user; the user needs to enter the key into the correct field.

During 2FA configuration, this secret key is presented to the user, who can provide it to the device of their choice. It can also be provided to multiple devices at the same time. The server does not know which devices received that key and therefore cannot differentiate between different devices using the same key.

Because of that, the 2FA management console presented in this article does not provide a list of devices used for 2FA, but rather secret keys used for that purpose. If you delete a secret key, all devices which rely on it for authentication will no longer be able to do that.

In this article, the term secret key means the above-mentioned key used for generating 6-digit codes. It can be stored on multiple devices, or even in multiple pieces of software on the same device.
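The behaviour described in this section, as an added example that is not CREODIAS or Keycloak code: an RFC 6238 generator showing that two devices holding the same secret key produce the same code, and a server-side check that still accepts a code shortly after the next one has been generated. The 6 digits and 30-second step come from the article; HMAC-SHA1, the one-step tolerance (`drift_steps`) and the sample key are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated in the article
DIGITS = 6   # code length, as stated in the article
# Constructed sample key (Base32 of the RFC 6238 test secret), not a real account key.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code for the 30-second step containing unix_time (HMAC-SHA1 assumed)."""
    # Authenticator apps usually show the key as Base32, often in spaced groups.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # RFC 4226 dynamic truncation: the low nibble of the last byte selects 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server-side check. drift_steps is an assumed tolerance, not a CREODIAS setting."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret_b32, unix_time + step * STEP)
        # Constant-time comparison; keep looping so timing does not reveal the match.
        ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return ok


if __name__ == "__main__":
    t = 1111111109  # constructed timestamp (an RFC 6238 test time)
    phone = totp(SAMPLE_KEY, t)        # first device holding the key
    laptop = totp(SAMPLE_KEY, t - 20)  # second device, same 30-second step
    print("phone:", phone, "laptop:", laptop)  # identical codes
    print("accepted in step:", verify(SAMPLE_KEY, phone, t))
    print("accepted one step later:", verify(SAMPLE_KEY, phone, t + 2))
    print("strict window:", verify(SAMPLE_KEY, phone, t + 2, drift_steps=0))
```

Because the code depends only on the key and the clock, the server sees nothing that identifies which device produced it, which is why the console lists keys rather than devices.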

Entering the TOTP management console

Navigate to https://identity.cloudferro.com/auth/realms/Creodias-new/account/#/security/signingin - you should get a website similar to this:

../_images/manage-totp-01_creodias.png

Note

On the screenshots in this article, the name of the user was blurred for privacy reasons.

The section Two-factor authentication should contain your currently used secret key.

Removing the TOTP secret key

If you no longer wish to use a secret key, you can remove it. To do that, click Remove. You will see the prompt shown in the screenshot below. Note that if you didn’t choose the name otp for your secret key, the name you set will be shown instead.

../_images/manage-totp-02_creodias.png

To confirm, click Continue. The entry should disappear from the list:

../_images/manage-totp-03_creodias.png

Important

Since 2FA is mandatory on CREODIAS, if you delete your last secret key and do not add a new one, you should be prompted for TOTP configuration during the next login.

Adding a new TOTP secret key

You can add a new secret key to your account.

Warning

You should only have one secret key attached to one CREODIAS account at the same time. If you have multiple keys, you will be able to use only the earliest one for the OpenStack CLI and generating a Keycloak token for EODATA. Others will only be able to authenticate to the Tenant Manager and Horizon dashboard.

Click Set up authenticator application. If you can’t see this link, use the button containing three dots:

../_images/manage-totp-04_creodias.png

You will get a prompt for setting up your application, like the one you used during account creation:

../_images/manage-totp-05_creodias.png

Proceed in the same way as during account creation - Prerequisite No. 2 above contains articles which can help. If you want to use multiple devices for that secret key, add it to them all before finishing the configuration. Once you’re ready, enter the 6-digit TOTP code from one of your devices to complete the process.

Of course, if at least one of the devices used for that secret key allows you to extract the key, or you backed it up somewhere in a readable form, you will be able to add your secret key to more devices in the future without having to reconfigure it.