Multi-factor Authentication

General

This guide is about activation and usage of CSC customer account multi-factor authentication (MFA). CSC MFA is based on a Haka MFA component developed inside CSC, and it also integrates to the MFA solutions that Universities offer for their Haka accounts.

MFA uses the Time based one-time password (TOTP) protocol which can be used in standard mobile phones without additional separate MFA tokens etc. The usage of TOTP protocol based MFA client is free for the end-user. There are many different TOTP clients for different mobile phone brands, and user is free to choose any of those.

The activation of the MFA is needed once for the CSC services for research. CSC will take the MFA into use service-by-service, and you can check for example from this page which CSC research services use the MFA currently.

• Time based one time password
• Multi-factor Authentication applications available

Before using CSC MFA

In order to use the CSC MFA, you need

1. CSC user account and password. If you don't yet have them, please go to the CSC customer portal MyCSC to register a new account.
2. A device for TOTP client and an activated MFA functionality. The services will prompt you with an additional pass-code when authentication to a CSC service with MFA.

Activation of MFA

In order to use the CSC MFA, you need a TOTP client to your mobile phone. One known client application is Google Authenticator, but other clients work as well. Please install the client to your device according to the clients own instructions.

To activate the CSC MFA, login to the MyCSC customer portal and go to MyProfile view.

There you will find the Enable MFA functionality, which creates the personal secret to be used in your MFA client. This functionality requires and additional authentication with your user account and password. Then take the secret into use in your device by reading in the QR code in your TOTP application.

MyCSC will now check if you have successfully imported the MFA secret to Google Authenticator, by asking you to provide a verification that has been generated by Google Authenticator using the imported MFA secret.

This activates the MFA client for you.

Usage of MFA Authentication to a CSC service using MFA happens in a standard way. First the services prompts you with normal user account and password dialogue, and after that the additional second factor is asked from your TOTP client.

Read the 6-digit code, and fill it into the field in the service dialogue.

Problems with MFA

You can disable your MFA by contacting CSC Service Desk. Currently there is a process that requires you to prove your identity when removing the old MFA configuration, before activating the MFA again. You can have one TOTP client in use at any time. If you lose or replace your device, please contact CSC Service Desk.

Do you find this page useful?

Yes

Thank you for your feedback!

No

Thank you! Your feedback is appreciated.

Please let us know how we could improve this page by contacting us or by creating an issue in GitHub. You can also edit this page yourself and contribute your improvements by creating a pull request.