Request MFA - HIFIS Documentation

HIFIS Documentation

Request MFA

HIFIS Documentation

Main
Main
- Overview
- Using Services
  Using Services
  - Getting Started
  - Create and manage groups
- Services Desk
  Services Desk
  - Golden Rules of Ticketing
  - Goldene Regeln für die Ticketbearbeitung
Helmholtz ID
Helmholtz ID
- Overview
- Concepts
  Concepts
- How-to
  How-to
  - ... authorise users for a service
  - ... enable MFA
  - ... join a group/VO
  - ... join as a Service Provider
    ... join as a Service Provider
    
    Overview
    
    Register the service
    
    Request claims within token
    
    Request MFA Request MFA
    Table of contents
    
    MFA login
    
    Request MFA at the login
    
    Need help?
    
    Local Testing and Development (HIDaH)
  - ... join as an Identity Provider
    ... join as an Identity Provider
    
    Overview
    
    Basic requirements for Attribute Query
    
    Shibboleth 4 configuration
    
    Transfer MFA information
  - ... log in as an user
  - ... manage a VO
    ... manage a VO
    
    Basics
    
    Detailed
  - ... perform security incident responses
  - ... register a VO
    ... register a VO
    
    Basics
    
    Detailed
  - ... use OIDC-Agent
  - ... work with roles
- Tutorial
  Tutorial
  - User Login
- Reference
  Reference
  - Attributes
    Attributes
    
    Available attributes
    
    Affiliation mapping
    
    Expressing Assurance
  - Connected Organisations
  - Implement generic AAI Proxy
  - Namespaces+Registry
  - Policies
    Policies
    
    Overview
    
    Document History
    
    Checklist
  - Registered VOs
  - Resource Capabilities
  - Use 2FA and SSH
  - Virtual Organisations (VOs)
Helmholtz Cloud
Helmholtz Cloud
- Overview
- Service Onboarding
- Conditions and Benefits
  Conditions and Benefits
  - Conditions on Services
  - Benefits for Providers
- Resource Management
  Resource Management
  - How to Integrate Resource Management
  - How to Build your own Helmholtz Cloud Agent
  - Technical Reference
    Technical Reference
    
    Resource Schemas
    
    Cloud Agent
- Service Operation
  Service Operation
- Selected Services
  Selected Services
  - Mattermost
    Mattermost
    
    Getting Started
    
    Team Admins
    
    Service Changelog
  - InfiniteSpace
    InfiniteSpace
    
    Overview
    
    Apply for Usage
    
    Access Models
    
    AUP
    
    rclone Access
  - Nubes
    Nubes
    
    Overview
    
    AAI integration
  - bwSync&Share
  - Events / Indico
  - Rancher
  - DataHub
  - Trusted Network
  - Data Transfer Service
- Process Framework
  Process Framework
  - Chapter Overview
  - General Points
    General Points
    
    Document History
    
    Validity of this Document
    
    Delimitations
    
    List of Abbreviations
  - Introduction
    Introduction
    
    What is HIFIS
    
    What are the goals of HIFIS Cloud
    
    What are the goals of this Process Framework
  - Service Portfolio Management
    Service Portfolio Management
    
    Service Portfolio Management in terms of ITIL – what’s part of it?
    
    Service Type Definitions
    
    The service catalogue and its structure
    The service catalogue and its structure
    
    Service Catalogue
  - Processes regarding the service portfolio
    Processes regarding the service portfolio
    
    Overview
    
    Service Recruiting Process
    
    Service Onboarding Process
    
    Follow-up Onboarding Process
    
    Operation of Services
    
    Offboarding Process
    
    Review Process for the Service Portfolio
- Service Portfolio Review
- Cloud Service KPI
  Cloud Service KPI
  - KPI overview
  - Details of calculation
- Initial Service Portfolio
  Initial Service Portfolio
Software Development
Software Development
- Infrastructure
  Infrastructure
  - Codebase Overview
  - Getting Started
  - Continuous Integration
  - Publishing Open Educational Ressources
  - Integrations
    Integrations
    
    Kroki
    
    Dependabot
    
    Helmholtz ID
  - Service Changelog
  - Two-Factor Authentication (2FA)
- Courses
- Workshop Materials
- Community Building
- Consulting
- Consulting Handbook

Besides the user initiated login using Multi-factor Authentication (MFA), services may also request MFA at the login. This may be based on several reasons, like sensitive data or privileges at the service itself.

Helmholtz ID supports the request for MFA during login for OIDC services. This is done according the OIDC standard by adding the acr_values parameter to the authentication request. The most reliable value is https://refeds.org/profile/mfa.

E.g.

https://login.helmholtz.de/oauth2-as/oauth2-authz?response_type=code&client_id=...&redirect_uri=...&scope=...&acr_values=https://refeds.org/profile/mfa

For further information, please read the OpenID Connect Core 1.0 standard.

Need help?¶

Contact us if you need help.

How to request MFA information during user’s login¶

MFA login¶

Request MFA at the login¶

Need help?¶