Two-factor authentication (2FA) refers to an authentication method in which a user is granted access to the Cineca HPC systems (currently mandatory to access Leonardo) only after successfully presenting two pieces of evidence (or factors). Verifying your identity, using an independent second factor, prevents other users from logging in with your identity, even if they have the password. Two-factor authentication (hereafter 2FA) therefore adds a further level of security to the authentication for access to services based on the Identity Provider.

The new access mode proposed is entirely transparent for the user, who continues to use the ssh client as usual. During the first connection, the user will see a web page open in his browser where she/he will authenticate to our Identity Provider. Once authentication has taken place, the server will issue a timed certificate which can be used to connect to Cineca systems via SSH client.

First access - How to activate the 2FA and configure the OTP

In order to enable the 2FA you need to authenticate on this page https://sso.hpc.cineca.it using username and password you use to connect to CINECA clusters.

At the first login you will be forced to verify your email, change the password and configure your OTP (One-Time Passowrd) code that will be requested in addition to the password when loggin in to our clusters (where 2FA has been forced as the only way to access).

Qui ci vorrebbe una verifica pratica che la sequenza è quella e prendere qualche snapshot da mettere e qualche frasetta di spiegazione.

< i documenti che ha mandato Max sono pieni di immagini per spiegare i passaggi, possiamo usare quelli>