... transfer MFA information - HIFIS Documentation

HIFIS Documentation

... transfer MFA information

Helmholtz Codebase

HIFIS Documentation

Helmholtz Codebase

Main
Main
- Overview
- Using Services
  Using Services
  - Getting Started
  - Create and manage groups
Helmholtz ID
Helmholtz ID
- Overview
- Concepts
  Concepts
- Integration of services
  Integration of services
- Operations
  Operations
  - Security Procedures
  - Mailing lists
- How-to
  How-to
  - ... use Helmholtz ID
    ... use Helmholtz ID
    
    Overview
    
    ... to log in as a user
    
    ... to join a group/VO
    
    ... to create a group/VO
  - ... register a VO
  - ... manage groups in VOs
  - ... join as an Identity Provider
    ... join as an Identity Provider
    
    Overview
    
    Basic requirements for Attribute Query
    
    Shibboleth 4 configuration
  - ... authorise users for a service
  - ... enable MFA
  - ... transfer MFA information ... transfer MFA information
    Table of contents
    
    MFA login
    
    Simplified MFA-backed login: MFA Honoring
    
    Need help?
  - ... use OIDC-Agent
- Policies
  Policies
- Reference
  Reference
Helmholtz Cloud
Helmholtz Cloud
- Overview
- Service Onboarding
- Resource Management
  Resource Management
  - How to Integrate Resource Management
  - How to Build your own Helmholtz Cloud Agent
  - Technical Reference
    Technical Reference
    
    Resource Schemas
    
    Cloud Agent
- Service Operation
  Service Operation
- Selected Services
  Selected Services
  - Mattermost
    Mattermost
    
    Getting Started
    
    Team Admins
    
    Service Changelog
  - InfiniteSpace
    InfiniteSpace
    
    Overview
    
    Apply for Usage
    
    Access Models
    
    AUP
    
    rclone Access
  - Nubes
    Nubes
    
    Overview
    
    AAI integration
  - bwSync&Share
  - Events / Indico
  - Rancher
  - DataHub
  - Trusted Network
  - Data Transfer Service
- Process Framework
  Process Framework
  - Chapter Overview
  - General Points
    General Points
    
    Document History
    
    Validity of this Document
    
    Delimitations
    
    List of Abbreviations
  - Introduction
    Introduction
    
    What is HIFIS
    
    What are the goals of HIFIS Cloud
    
    What are the goals of this Process Framework
  - Service Portfolio Management
    Service Portfolio Management
    
    Service Portfolio Management in terms of ITIL – what’s part of it?
    
    Service Type Definitions
    
    The service catalogue and its structure
    The service catalogue and its structure
    
    Service Catalogue
  - Processes regarding the service portfolio
    Processes regarding the service portfolio
    
    Overview
    
    Service Recruiting Process
    
    On boarding process for new services
    
    Follow-up Onboarding Process
    
    Operation of Services
    
    Offboarding process for services
    
    Review process for the service portfolio
- Service Portfolio Review
- Cloud Service KPI
  Cloud Service KPI
  - KPI overview
  - Details of calculation
- Initial Service Portfolio
  Initial Service Portfolio
Software Development
Software Development
- Infrastructure
  Infrastructure
  - Codebase Overview
  - Getting Started
  - Continuous Integration
  - Publishing Open Educational Ressources
  - Integrations
    Integrations
    
    Kroki
    
    Dependabot
    
    Helmholtz ID
  - Service Changelog
  - Two-Factor Authentication (2FA)
- Courses
- Workshop Materials
- Community Building
- Consulting
- Consulting Handbook

Helmholtz ID uses Multi-factor Authentication (MFA) in two cases:

It is mandatory for group/VO management since mid 2023.
It can be activated by users for any other login.

The query to provide MFA in Helmholtz ID is skipped if the following conditions are fulfilled:

The user provided a second factor already during log in at the home IdP
The home IdP transmits the MFA information as follows:
- Ensure to fulfil the requirements of the REFEDS MFA profile
- Send https://refeds.org/profile/mfa in the AuthnContextClassRef element of the SAML Assertion

Need help?¶

Contact us if you need help.

How to transfer MFA information during user’s login¶

MFA login¶

Simplified MFA-backed login: MFA Honoring¶

Need help?¶