Strong authentication

The strong authentication available in GASPAR is being phased out. It is still used for rare services that use Tequila for multi-factor control (IS-Academia for Teachers, professors activities tool)

To configure your new authentication, please visit the Entra ID multi-factor authentication page.

 

Secure code is a six-digit code provided by Google Authenticator installed on your smartphone or by an authentication token.

Those users already having a Gaspar account and who need access to an application requiring Strong Authentication (two step authentication based on a password and one-time token), must activate this service on their smartphone.

If you do not have either, please read the following carefully or contact [email protected], as the service you are accessing requires a code in addition to your password for security reasons.

General information

Nowadays, access to critical services or applications cannot be secured only with passwords, regardless of complexity. Adding another level of security is necessary.

Strong Authentication, such as what is used for online access to a bank account (e-banking), is defined by the verification of access mixing different strategies or including several levels. Different methods exist such as one time pads, chip cards, telephones, email, etc.

Strong Authentication at EPFL

The first level of security offered by Tequila is strengthened  by the Strong Authentication system. Access is granted after a two step validation. The user must enter a password and a one time security code.

The strong authentication configuration is based on the user’s GASPAR account.

There are two methods to use it:

Which users are concerned by Strong Authentication at EPFL?

Only those users registered in Gaspar and requiring access to critical applications that need to enhance access to important information can use strong Authentication

If you have changed mobile equipment (smartphone or tablet) or lost your secret key, you should contact your Gaspar Administrator to get a new secret key.

In case of problems to obtain your secret key, please send an email to Service Desk.

Please contact your Gaspar administrator to ask him to delete the Strong Authentication on your account.

Warning: This operation will destroy all secret codes. You will have to reconfigure your application that generates the temporary codes with a new secret key and also print a new list of emergency codes.

The Gaspar administrator of your unit can initialize Strong Authentication for people with mobile equipment (tablet and/or smartphone).

Persons without mobile equipment can request the allocation of an authentication token by completing the form “Request to assign an authentication token“.

The key containing the secret cannot be read back, so installing strong authentication on a second device requires reinstalling it on the first device as well:

  1.  authenticate on Gaspar,
  2. click on modify strong authentication,
  3. and also authenticate with your access code,
  4. click on “Change smartphone” and follow the procedure until you see the QR-code
  5. scan this QR-code on both your equipments (the secret key present on the first equipment will not be valid anymore, it must be replaced by the new key),
  6. do a test to check that both your equipments are working.

If you have changed mobile equipment (smartphone or tablet) or lost your secret key, you should contact your administrateur Gaspar to get a new secret key.

In case of problems to obtain your secret key, please send an email to Service Desk ([email protected]).

The strong authentication statements on the Gaspar account are:

  • inactif: strong authentication is not enabled on the account.
  • init: strong authentication has been configured by the Gaspar administrator. The account is waiting for the user to initialize the secret key.
  • test: the user must test the validity of a tequila login with strong authentication.
  • actif: the account is activated.

The basic settings for Google Authenticator on an iPhone device are:

  • Display 24H -> activated
  • Automatic adjustment -> off
  • Time zone Bern or Zurich