Viewable by the world

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 27 Next »

What is Multi Factor Authentication? 

Multi Factor Authentication (MFA) is an authentication strategy where a user is granted access to a resource once they have provided separate pieces of evidence proving who they are. For example, think about accessing your bank accounts via an ATM machine. To prove to the bank who you are and that you can access your bank account, you insert your ATM card (something you have) and enter your PIN number (something you know). You have provided the bank with two forms of authentication enabling the bank to give you access to your account.

Why use MFA? 

Plain and simple, to secure resources against unauthorized personnel and ensure only authorized users have access to appropriate resources.

Integration of One-Time Passwords with User Credentials

For access to most Lab resources other than privileged server access, Berkeley Lab has implemented an MFA strategy requiring the use of your Berkeley Lab Identity credentials in conjunction with a one-time password (OTP). An OTP can be generated either by a software or hardware solution. Berkeley Lab IT has enabled the ability to use either.  Software OTPs are generated using Google Authenticator, whereas hardware OTPs are generated from an authentication device known as a YubiKey. Berkeley Lab IT is the organization that issues the hardware authentication device.

MFA at Berkeley Lab

Berkeley Lab uses MFA for access to:

  • Windows Login - MFA for Operations personnel logging into Windows Active Directory computers (sometimes known as StrongID)
  • HRIS Login - MFA for HR personnel logging into Berkeley Lab HR databases and accessing Personally Identifiable Information (PII) data
  • Web-based single sign on (SSO) - MFA for Single Sign-On providing Lab personnel access to Berkeley Lab resources like email, calendar, LETS, etc.
  • Lawrencium HPC Cluster - MFA for HPCS Clusters
  • Privileged Server Access - MFA for access to critical servers and services via gateways (sometimes known as L4 Gateways, or L4 StrongID)

How do I get started using MFA?

The full process is outlined here. Please note that Berkeley Lab employees must submit a help ticket to obtain either a Yubikey or Privileged L4 Key. 

  • No labels

Was this site useful for you? Do you have any feedback or suggestions? Please click here to send your comments about this FAQ to IT.