Two-Factor Authentication to CREODIAS site using mobile application

Warning

Two-Factor Authentication will be required starting on 18/05/2023 for all CREODIAS users. The only exception are accounts which log in using Keystone credentials.

Traditionally, the most basic way to implement security online was to authenticate users and companies with a pair of usernames/passwords. Most usernames are email addresses and if email address is breached, the bad actor can probably learn your password too. What once used to be secure enough is not secure now because of easy access to refined brute force methods, availability of computing power at scale, social engineering methods, identity theft and so on.

The way to overcome this limitation is to introduce two or more factors or types of user authentication. These could be

  • something the user knows (email address, the name of their first pet etc.)

  • something the user has (token generator, smartphone, credit card etc.) or

  • biometric information such as fingerprint, iris, retina, voice, face and so on.

Logging into the CREODIAS site uses two-factor authentication, meaning you will have to supply two independent types of data:

  • the “classical” username and password, as well as

  • the numeric code supplied by a concrete mobile app.

This article is about using mobile devices to authenticate to the cloud. If you want to use your computer to do that, see Two-Factor Authentication to CREODIAS site using KeePassXC on desktop.

You will first have to install one of the following two mobile applications, for Android or iOS mobile operating systems:

We can use “mobile authenticator” as a generic term for a mobile app that can help authenticate with the account.

Which One to Use – FreeOTP or Google Authenticator?

You can use FreeOTP with Google accounts instead of Google Authenticator app.

If you already use Google Authenticator app for other accounts, you may prefer it over FreeOTP.

Warning

If your accounts are protected by Google Authenticator and it stops working, then you risk losing all the data that were behind those protected accounts. The most common scenario is to switch to a new phone number and then not be able to verify the accounts via a text message to the previous phone number.

In this tutorial, you are going to use the FreeOTP app.

Warning

If you lose access to QR codes and cannot log into the Horizon site for CREODIAS, ask Support service to help you by sending email to the following address support@cloudferro.com.

What We Are Going To Cover

  • How to start using the mobile authenticator

  • How to locate, download and install FreeOTP app on your mobile device

  • How to set up FreeOTP app and connect it to your CREODIAS account

  • How to get new code each time you want to enter the site

Prerequisites

Use only one of the four possible combinations for two apps and two app stores.

No. 1 FreeOTP app in Google Play Store

Download FreeOTP app in Google Play Store using this link.

No. 2 FreeOTP app in iOS App Store

Download FreeOTP app in iOS App Store using this link.

No. 3 Google Authenticator in Google Play Store

Download Google Authenticator in Google Play Store using this link.

No. 4 Google Authenticator in iOS App Store

Download Google Authenticator in iOS App Store using this link.

Warning

You should install the authenticator app before trying to log into the CREODIAS site.

You are now going to download, install and use the FreeOTP app to authenticate to CREODIAS site.

Step 1 Download and Install FreeOTP from the App Store

Using the App Store icon from the desktop of your iOS device, locate app called freeotp. A screen like this will appear:

../_images/otp01.png

Tap on GET and the app will start downloading to your device.

../_images/otp02.png

It may take a minute or so and then install it by tapping on button Install.

../_images/otp03.png

Once installed, type on Open and the app will run. At first, there will be no tokens to work with:

../_images/otp04.png

Note

FreeOTP can also use tokens to secure access to the remote site. The CREODIAS site uses QR code, so that is what you will use in this tutorial. (Both “token” and “QR scan” denote a secure connection to the site, but use different techniques in the process.)

Step 2 Scan QR and Create Brand

Select a brand, which means select an icon that will make your tokens stand out graphically. If you will employ this app only to get access to CREODIAS, you may select whichever icon you want.

../_images/otp05.png

In the next step, you may require that the phone is unlocked when the token is to be activated. Choose that if you are afraid someone might steal your phone and get access to your CREODIAS data that way.

../_images/otp07.png

Clicking on information icon will show you legal details about this app.

../_images/otp08.png

To scan the QR code, use a QR like icon in the upper part of the screen, like this:

../_images/eefa_freeotp_qr_icon.png

Click on it to get to the scanner part of the application and read the QR code from the login screen.

Note

The QR code will appear on screen when you first try to log into the CREODIAS site (see below).

../_images/eefa_qr_screen_creodias.png

Step 3 Create a Six-digit Code to Enter Into the Login Screen

Finally, you will see a row within the FreeOTP app, with the icon you chose and with the code that will appear automatically. For instance, the code is 289582 and that is the code that you need to enter when the site asks you for One-time code.

../_images/otp09.png

If you created several tokens or repeatedly scanned QR code from the screen, you may see the appropriate number of rows on the mobile screen:

../_images/eefa_several_rows.png

Tapping on any of these will produce the six-digit code that you have to type into the entry form to get logged in. Only one of these will be the right one, in this case, the first row produces the correct six-digits code for CREODIAS site.

../_images/eefa_tapped.png

You are now ready to log into the CREODIAS site using the two-factor authentication.

How to Start Using the Mobile Authenticator With Your Account

Use the usual link https://horizon.cloudferro.com to log into your CREODIAS account and choose CREODIAS in the input menu.

../_images/eefa_start_creodias.png

Click on blue button Sign In and enter your username / email and password:

../_images/eefa_sign_regular_creodias.png

If the data you entered has not already been linked to two-factor authentication, the next screen will be Mobile Authenticator Setup:

../_images/eefa_mobile_auth_setup_creodias.png

This screen will contain the QR code that you have to read from using the mobile authenticator app, in this case, the FreeOTP app.

At this moment, start using the mobile device – activate the FreeOTP first if not already active, scan the QR code with the QR icon and, as explained above, get the six-digit code on the mobile device screen.

Retype that six-digit code into the One-time code field on computer screen. It is denoted by an asterisk, meaning that it is mandatory to enter a value into this field.

You can use the field Device Name to remind yourself on which device was the mobile authenticator app installed on.

Click on Submit and you will be brought back to the Sign in screen from the beginning:

Logging Into the Site Once the Two-Factor Authentication is Installed

Here is the workflow in one place, with all of the screens repeated for easy reference.

Use the usual link https://horizon.cloudferro.com to log into your CREODIAS account and choose CREODIAS in the input menu.

../_images/eefa_start_creodias.png

Click on blue button Sign In and enter your username / email and password:

../_images/eefa_sign_regular_creodias.png

Since the two-factor authentication is already installed, you will only see the window to enter the six-digit code.

../_images/eefa_restart_login_creodias.png

Now activate the mobile authenticator app and get the code on the device screen, for instance, like this:

../_images/eefa_tapped.png

In this case, the code is . Enter it into the form, Submit and you will be logged in.

../_images/eefa_logged_in_creodias.png

Note

If the FreeOTP app is in the foreground on the mobile device while you are submitting the username and password, the app will react automatically and the proper six-digit code will appear on its own on the authenticator device.

What To Do Next

As mentioned in the beginning, you can use your computer for two-factor authentication – see article Two-Factor Authentication to CREODIAS site using KeePassXC on desktop.

Either using mobile device or computer to authenticate, you will be logged into Horizon. You will then need to activate access to CREODIAS cloud API functions and be able to run openstack command. Please see article How to activate OpenStack CLI access to CREODIAS cloud using one- or two-factor authentication.

To learn how to manage your TOTP secret key, visit the following article: How to manage TOTP authentication on CREODIAS - it can be useful if you, for instance, want to use a different method of authentication, are unable to extract your secret key from currently used piece of software such as FreeOTP and do not have your secret key backed up in a readable way.