aedifion.io - Security - Authentication via SSO
Secure access to aedifion.io
Authentication via Single Sign On
After your company administrator has created your personal user account on the aedifion platform, please use the login via Single Sign On (SSO), or more precisely OAuth 2.0, to access the aedifion services.
On your initial attempt to access the services, please use the "Forgot Password?" function below the login information:
Figure 1: "Log In" screen
You will be forwarded to a page where you have to provide your email address.
Figure 2: "Forgot Your Password?" screen
Figure 3: "Log In" screen with email receipt pop-up
After that, you will receive an email to update your personal password. Please check your spam folder in case the mail is not in your inbox. The email is only valid for five minutes.
There are two ways to change your password if you know your credentials: either in the security section of your user details in the frontend:
Figure 4: Change password fields in the frontend
or by logging in to the authentication server: https://auth.aedifion.io/auth/realms/aedifion/account.
If you don't know your credentials, please use the "Forgot Password?" function, as described above.
Two factor authentication
To increase security, many services offer or even require a second factor for authentication (called 2FA or TFA), e.g. a mobile phone or a specialized USB key. The reasoning behind it is that if your computer is compromised by malware, or an attacker has somehow acquired your login credentials, the attacker still cannot access the service without your second factor.
aedifion's authentication method allows an easy setup of a second factor via a mobile phone. Recommended mobile applications to use are FreeOTP+ or Google Authenticator. This tutorial will show you how to set up two-factor authentication with FreeOTP.
Log in to the authentication server: https://auth.aedifion.io/auth/realms/aedifion/account with your known credentials.
Figure 5: Login to the authentication server
Navigate to Authenticator
Click "Authenticator" in the left bar. The new page will show a QR code.
Figure 6: Click on "Authenticator"
Scan the QR Code
Open "Scan this QR Code" with your application and point your phone's camera at the screen. A new account will be shown in the account list with the name Aedifion. When you click on the account, it will generate a six-digit number.
Figure 7: Scan the QR code
Enter this number
Enter this number in the form field and click save. The code refreshes every 30 seconds. If the time has run out, just generate a new code by clicking on the account in the mobile application.
Figure 8: Enter the shown number in the field "One-time-code"
Congratulations, you have now enabled two-factor authentication for your account. Every time you log in, you will be requested to enter the current six-digit code from your mobile application.
Figure 9: Two-factor authentication successfully enabled