|
|
For security reasons, and in preparation to validate gitlab.esa.int for PL2 data, we are enforcing Two Factor Authentication on September 1st.
|
|
|
For security reasons, and in preparation to validate gitlab.esa.int for PL2 data, we are enforcing Two Factor Authentication on September 1st.
|
|
|
|
|
|
Two-factor authentication (2FA) provides an additional level of security to your GitLab account. For others to access
|
|
|
your account, they would need your username and password _and_ access to your second factor of authentication.
|
|
|
Two-factor authentication (2FA) provides an additional level of security to your GitLab account. For others to access your account, they would need your username and password _and_ access to your second factor of authentication.
|
|
|
|
|
|
GitLab supports as a second factor of authentication:
|
|
|
|
|
|
- Time-based one-time passwords (following the [TOTP](https://datatracker.ietf.org/doc/html/rfc6238) standard). When enabled, GitLab prompts
|
|
|
you for a code when you sign in. Codes are generated by your one-time password authenticator (for example, a password
|
|
|
manager on one of your devices).
|
|
|
|
|
|
- WebAuthn devices. You're prompted to activate your WebAuthn device (usually by pressing a button on it) when
|
|
|
you supply your username and password to sign in. This performs secure authentication on your behalf. **WebAuthn requires to setup TOTP first**.
|
|
|
|
|
|
- Time-based one-time passwords (following the [TOTP](https://datatracker.ietf.org/doc/html/rfc6238) standard). When enabled, GitLab prompts you for a code when you sign in. Codes are generated by your one-time password authenticator (for example, a password manager on one of your devices).
|
|
|
- WebAuthn devices. You're prompted to activate your WebAuthn device (usually by pressing a button on it) when you supply your username and password to sign in. This performs secure authentication on your behalf. **WebAuthn requires to setup TOTP first**.
|
|
|
|
|
|
## Steps to activate TOTP
|
|
|
|
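Review bot: The enforcement notice at the top of this hunk gives the date as "September 1st" with no year, so the page becomes ambiguous once that date has passed; state the full date. In the same hunk, "Two Factor Authentication" in the notice does not match "Two-factor authentication (2FA)" in the paragraph below it, and "**WebAuthn requires to setup TOTP first**" would read better as "WebAuthn requires TOTP to be set up first".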
... | ... | @@ -19,13 +13,9 @@ GitLab supports as a second factor of authentication: |
|
|
|
|
|

|
|
|
|
|
|
|
|
|
Please note that in the next step you can use the QR code (if you are using a device with a camera) or the Key above.
|
|
|
|
|
|
|
|
|
2. Setup the one-time password tool
|
|
|
|
|
|
- **(Option 1) Using your phone**
|
|
|
2. Setup the one-time password tool in a **smartphone** or **computer**
|
|
|
- **(Option 1) Using a smartphone**
|
|
|
1. Install a compatible application. For example:
|
|
|
- [Authy](https://authy.com/)
|
|
|
- [FreeOTP](https://freeotp.github.io/) (recommended)
|
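Review bot: The line "you can use the QR code (...) or the Key above" does not say that the QR code and the Key are the TOTP shared secret. Anyone who obtains either can generate valid codes, so add a sentence telling users not to screenshot, e-mail or otherwise share them. Also in this hunk, "Setup the one-time password tool in a **smartphone** or **computer**" should use the verb form and preposition "Set up ... on a smartphone or computer".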
... | ... | @@ -35,36 +25,28 @@ GitLab supports as a second factor of authentication: |
|
|
2. In the application, add a new entry in one of two ways:
|
|
|
- Scan the code displayed by GitLab with your device's camera to add the entry automatically.
|
|
|
- Enter the details provided to add the entry manually.
|
|
|
- **(Option 2) Using a computer**
|
|
|
|
|
|
- **(Option 2) Using your KeePassXC** (tool available in the ESA Software Center)
|
|
|
|
|
|
_The example uses KeePassXC, a tool available in the ESA Software Center. There are alternatives like_ [_WinAuth_](https://winauth.github.io/winauth/download.html) _(available for Airbus employees)_
|
|
|
1. If not installed already, install KeePassXC from the ESA Software Center (Windows) or ESA Self-Service Portal (macOS)
|
|
|
2. If you have not use KeePassXC yet, configure a password database using the startup wizard.
|
|
|
3. Create a new entry for Gitlab
|
|
|
|
|
|

|
|
|
|
|
|
4. Activate TOTP for the new entry
|
|
|
|
|
|

|
|
|
|
|
|

|
|
|
5. Paste the Key from Gitlab into the field, and you are done! You can now get one-time passwords from the tool.
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
|
|
|
3. **In GitLab**
|
|
|
1. Enter the six-digit pin number from the entry on your device or KeePassXC into **Pin code**.
|
|
|
2. Press **Register with two-factor app**
|
|
|
|
|
|

|
|
|
|
|
|

|
|
|
3. If you entered the correct pin, GitLab displays a list of [recovery codes](#recovery-codes). Download them and keep them in a safe place.
|
|
|
4. Once downloaded, press **Proceed**
|
|
|
|
|
|
|
|
|
|
|
|
## Steps to setup a WebAuthn device
|
|
|
|
|
|
WebAuthn is an authentication standard supported by all major browsers (Chrome, Edge, Firefox, Safari). It allows to authenticate using physical keys (e.g., Yubikey hardware keys) or biometric mechanisms (e.g., macOS/iOS TouchID or Windows Hello).
|
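Review bot: In the KeePassXC option, steps 3 to 5 create a GitLab entry and paste the Key into it, without mentioning that keeping the TOTP secret in the same database as the GitLab password puts both factors behind one master password. Suggest a short note recommending a separate database for TOTP entries, or at least a strong master password for the database. Step 3.3 could also say that recovery codes should be stored apart from that database. Minor wording points in this hunk: "If you have not use KeePassXC yet" should be "used", "Gitlab" should be "GitLab" in steps 3 and 5, and "It allows to authenticate" should be "It allows you to authenticate".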
... | ... | @@ -75,5 +57,4 @@ You need to have 2FA via TOTP first (the previous section). |
|
|
2. Press **Set up new device** and select your preferred option in the browser pop up.
|
|
|
|
|
|

|
|
|
|
|
|
3. Follow the steps. |
|
|
\ No newline at end of file |
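Review bot: The file ends without a trailing newline after "3. Follow the steps."; add one so later edits to the last line diff cleanly. That last step is also vague: say whether the steps to follow are the ones in the browser pop-up from step 2 or on the GitLab page.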