English manual
To connect to an online service, we use a personal identifier coupled with a password to prove our identity and access the service, whether it is hosted internally or in the cloud.
But passwords have become vulnerable and easy to compromise, especially through phishing.
To lower identity risks, an additional layer of security in the form of an additional verification method is now used by many providers.
This method is usually called “two-step verification” or “Multi-Factor Authentication (MFA)”.
What is the purpose?
MFA improves the security of the organization because:
- passwords are vulnerable to attacks (by brute force),
- passwords can be stolen by third parties (phishing),
- sensitive accounts must be protected (administrators, search data, etc.)
How does it work?
The user goes to their preferences management interface (MFA methods) to provide useful personal information (mobile phone number, personal email address).
MFA Methods
Single-use random codes: sent by SMS or email
TOTP: Time-Based One-Time Code: Esup Auth mobile app, Google Authenticator, FreeOTP
Push: validation by phone (notification); Esup Auth application available on Android and iOS
How to set up your MFA access?
To set up your MFA access, go to the ESUP OTP Manager digital service (https://mfa.univ-st-etienne.fr) to state your preferences.
Be aware that this service is only accessible from the University's wired network or through the UJM VPN (the VPN is required on Wi-Fi and when teleworking).
When stating your preferences, you should set up at least 2 methods in order to ensure the continuity of use of digital services.
You can choose Code by SMS, Code by Email, or Notification (Esup Auth).
Code method by SMS
This method relies on the use of your smartphone.
It allows two-factor authentication using a single-use random code sent by SMS.
To enable this method, slide the slider to “Enable”.
Add your phone number, then click "SAVE"
Click the “CHECK” button
You should receive a test message on your smartphone
Email Code Method
This method relies on your personal email and does not require a smartphone.
Activating this method will allow you to authenticate even if you forget or lose your smartphone (including theft).
To enable the method, slide the slider to “Enable”
Add your personal email address, then click "SAVE"
Click the “CHECK” button
You should receive a test message on your smartphone.
Notification method (Esup Auth)
This method relies on the use of your smartphone
You must install the Esup Auth mobile application on your smartphone (Android or iOS).
Once launched, this application will show you the steps.
Time Code Method (TOTP)
This method relies on the use of your smartphone.
It allows two-factor authentication using a single-use code generated by a mobile application.
To enable the method, slide the slider to “Enable”.
When setting up, press the 'Generate QrCode' button, then scan it using your Esup Auth mobile application.
During the next authentication request, an Esup Auth window will appear asking you to validate a nearby connection request.
If it’s you, just accept it.
Code method by physical factor (WebAuthn)
WebAuthn authentication relies on the unlocking mechanisms built into computers, smartphones and tablets (facial or fingerprint recognition, PIN code, pattern, USB/NFC security key, etc.). To enable the method, slide the slider to "Enable", choose your media type and register your key. When logging into facility resources, you will be asked to confirm your identity.
F.A.Q.
* I don't see any method: no SMS code, no email, no push.
Go to the manager and make sure you have enabled at least one of the methods.
* I can see the methods that I have activated, but I do not receive any codes.
Trigger another send; if nothing changes, check the information provided (phone number, personal email address) in ESUP OTP Manager.
* Which tool should I use to scan QRCodes?
Use the Esup Auth mobile application, which you install on your smartphone (iOS, Android).
* Each time I connect to my UJM account, the Multi-Factor Authentication asks me for a code.
In the Firefox browser, open the Tools/Settings/Privacy and security menu; in the Cookies and site data section, click “Manage exceptions”.
Add univ-st-etienne.fr in the Website Address field.
Click the “Save Changes” button.
* I travel abroad; what should I do?
SMS messages are sent from an application hosted in a European data center used by our operator (broker).
You do not need to change anything in your configuration as long as you use a French or European mobile phone provider.
You cannot add +33 before your mobile number in the ESUP OTP Manager application, so only French numbers are allowed.
Since the SMS is sent to you by the broker's operator, the delivery cost is invoiced to the UJM/DNUM.
If you travel abroad (especially outside the Europe zone), there won't be any blocking, so make sure you are able to receive SMS and, above all, that you have activated other authentication methods.