Website ‘local account’ MFA
The majority of users login to Edge Hill University websites using a ‘network account’, this has both the benefit of logging in with a consistent set of credentials, with consistent security features and familiar login interface/url which remains the same regardless of the service you are connecting to.
However some of our websites also allow for ‘local accounts’, we try to use these accounts only as a last resort and for specific circumstances. These can be issued for a variety of reasons including ‘break glass/emergency access’ accounts, test user accounts, restricted service provider accounts, temporary access, etc.
Until recently, the only security for these accounts was a combination of usernames with a strong password. However this offers very limited protection, being vulnerable to brute force attacks. We are now rolling out enhanced security, or MFA, for these accounts. Details for this can be found below.
If you login to these websites with a ‘network account’ such as ‘Login using Edge Hill University SSO’ then this does not apply to you. You already have MFA managed on your Edge Hill University account, this is only relevant to users logging in with a ‘local account’.
‘local account’ MFA method 1: One Time Password
You will soon notice a new field on the ‘local account’ login form called ‘EHU One Time Password’ (as shown in the screenshot). When you’ve been enrolled on ‘local account’ MFA, you will be required to enter a single use password in addition to your username and password each time you login.
Once enrolled, your ‘local account’ access to the website will be blocked without a valid code. Codes are valid for and expire after 30 seconds.
There are currently 2 ways to generate a one time password thats valid for your account,
- Preferred and easiest: authenticator application.
- This method allows you to use an application or browser extension to generate a code for you. You then enter this into the ‘EHU One Time Password’ field.
- This method allows you to use an application or browser extension to generate a code for you. You then enter this into the ‘EHU One Time Password’ field.
- Alternative: we can e-mail them to you.
- This method requires you to login to your account twice. Once to trigger the e-mail containing your one time password to be sent, you then enter this into the ‘EHU One Time Password’ field.
OTP – Application setup guide
- Login to your account
- Navigate to ‘Users’ -> ‘Profile’
- Scroll to the ‘EHU SSO’ section
- Option 1 – Scan the QR Code using your authenticator application
- If your authenticator application supports scanning QR Codes, then scan the provided QR code from within the application, you will now be prompted to confirm setup.
- If your authenticator application supports scanning QR Codes, then scan the provided QR code from within the application, you will now be prompted to confirm setup.
- Option 2 – Select the ‘Setup in my default OTP application’ link
- If your authenticator application supports OTP setup links, you will now be redirected to your authenticator app to confirm setup.
- If your authenticator application supports OTP setup links, you will now be redirected to your authenticator app to confirm setup.
- Option 3 – Add it manually to your authenticator app
- If your authenticator app doesn’t support OTP setup links, copy the code shown next to ‘EHU SSO MFA – OTP Secret’. Paste this code into your authenticator application.
- If it asks for an issuer, enter the website address the code is for. e.g. blogs.edgehill.ac.uk
- If it asks for a username, enter your local account username
- Test the one time password provided by your authenticator application
- Please login using the one time password provided by your authenticator application in the ‘EHU One Time Password’ field
OTP – E-Mail setup guide
- Login to your account without a One Time Password
- If your username and password are correct, you will be redirected back to the login screen. A notice at the top will display a message similar to ‘One time password was invalid, please check your email address for a new EHU One Time Password.’
- If your username and password are correct, you will be redirected back to the login screen. A notice at the top will display a message similar to ‘One time password was invalid, please check your email address for a new EHU One Time Password.’
- Check your E-Mails
- You should now receive an e-mail from Edge Hill University, it will have a subject of ‘EHU One Time Password’
- When you open this e-mail, it will contain a message similar to ‘Hi username, your local account one time password is: 123456’
- Test the one time password provided by your e-mail
- Please login again using this one time password provided by our e-mail in the ‘EHU One Time Password’ field.
‘local account’ MFA method 2: Security Keys
TBA