Multifactor authentication with edu-ID

You can already configure two-factor authentication for your SWITCH edu-ID account. However, two-factor authentication will only be activated on the UNIL VPN on the 11th of July 2022 and is therefore not yet available.

The IT department is gradually activating en multi-factor authentication (or MFA, two-factor authentication or strong authentication) for various services in order to increase the security of our applications (more info on our blog, in french). In addition to your password, you will be asked for a one-time code, either received by SMS or generated in an application provided for this purpose (such as Google Authenticator).

The edu-ID digital identity includes multi-factor authentication and enabling it is easy. To read official SWITCH documentation on MFA and edu-ID, go here: https://help.switch.ch/eduid/faqs/?lang=en#mfa

Activation

(adapted from the official SWITCH documentation)

To enable two-step login, go to your SWITCH edu-ID account at https://eduid.ch and click on the plus (+) sign next to Two-step login

or go directly to the two-step login settings (https://eduid.ch/web/edit-security-settings/). Then enable one of the two-step login methods.
If you choose the app generated code (TOTP), you must install an authenticator app such as Authy, FreeOTP, Google Authenticator, or OTP Auth to get your codes.

If you use a non-Swiss phone number, please be aware that certain countries and operators may limit the delivery of SMS messages, or charge for them. In this case, we recommend you use an authenticator app rather than the SMS option.

It is possible to enable more than one two-step login method. Login with app is then displayed as the first/preferred tab.

Depending on your settings, two-step login is only used for those services that require it (On request) or for all services each time (Always).

To disable two-step login, go back to the two-step login settings (https://eduid.ch/web/edit-security-settings/) and disable all of the enabled methods. Please note that this may mean that you need to reinitialise or reverify the verification code if you reactivate a certain method later on.

Most of the authenticator apps mentioned above work with multiple account providers too, such as Google, Facebook, etc.

Connection

When connecting to a service requiring a second factor, after the usual login asking for your email address and edu-ID password, you will be presented with a new page:

This page enables you to choose between using a app generated code (for example in Google Authenticator) or an SMS, depending on what you have configured. If available, the don't ask again for one week option means you will not be prompted for the second facteur for seven days when using the current browser.

Connecting to the Pulse Secure VPN

Starting from the 11th of July 2022, each time you connect to our VPN, you will be prompted with the familiar edu-ID login page, requiring you to enter your email address and edu-ID password:

~~The,~~Then, if you haven't yet configured a second factor, the process will guide you through setting it up. By clicking on continue, you will be taken to the two-step authentication settings page (https://eduid.ch/web/edit-security-settings/) of your edu-ID account:

SiIf ~~votre~~your 2esecond ~~facteur~~factor ~~est~~is ~~configuré,~~configured, ~~celui-ci~~you ~~sera~~will ~~maintenant~~be ~~demandé.~~asked Sito ~~vous~~enter ~~avez~~it. ~~opté~~If ~~pour~~you ~~l’application~~chose ~~pour~~the ~~votre~~authenticator 2eapp, ~~facteur,~~open ~~lancez~~the ceapp ~~dernier,~~and etcopy ~~copiez~~the ledisplayed ~~code affiché :~~code:

SiIf ~~vous~~you ~~avez~~chose ~~choisi~~SMS ~~d’utiliser~~code, lecheck ~~SMS,~~your ~~vous~~mobile ~~en recevrez un sur votre télé~~phone ~~mobile,~~and ~~qu’il~~enter ~~faudra~~the ~~insérer~~received ~~dans la fenêtre suivante :~~code:

LeThe ~~processus~~process sewill ~~terminera~~then etend ~~vous~~and ~~serez~~you ~~ensuite~~will ~~connecté~~be auconnected to the VPN!

When logging in to the VPN !

using

~~Lors~~edu-ID, dethe ~~l’activation~~authentication deprocess lauses ~~connexion~~an embedded browser, to be sure the browser is not unsecure or compromised. This means that you won't be able to save your edu-ID ~~sur~~password. leWe ~~VPN,~~recommend leusing ~~processus~~a ~~d’authentification~~password ~~passera~~management ~~par~~too unand ~~navigateur~~copy/pasting ~~embarqué,~~your ~~afin~~email deaddress ~~s’assurer que le navigateur ne soit pas vérolé ou compromis. Cela signifie que vous ne pourrez pas sauvegarder votre mot de passe~~and edu-ID ~~dans ce navigateur. Nous vous conseillons donc d’utiliser un gestionnaire de mot de passe, et copier/coller votre adresse email et mot de passe edu-ID.~~password.

Questions

~~Vous~~You ~~trouverez~~will ~~réponse~~find àthe ~~plusieurs~~answers to multiple questions ~~concernant~~concering ~~l'authentification~~multi-factor ~~multifacteurs~~authentication ~~sur~~on lethe ~~site officiel de~~official SWITCH edu-~~ID:~~ID website: https://help.switch.ch/eduid/faqs/?lang=~~fr#mfa~~en#mfa

~~0000000000000~~