====== 5-Minute Activation of the Second Factor for INFN-AAI ======

//Istruzioni in italiano: [[cn:ccr:aai:doc:2fa:rapid|]]//

The second factor consists of a **One Time Password (__OTP__)**, a short-lived disposable password, generated each time via an application on your smartphone. As a backup method, it is possible to print [[cn:ccr:aai:doc:2fa-en:ppr|]]
===== 1. Installing the OTP Generation Application =====

  * //NOTE: The recommended application is privacyIDEA Authenticator on your smartphone. Otherwise, check other [[cn:ccr:aai:doc:2fa-en:app]]. Once you have the application, proceed to the next step.//

  * **ON YOUR SMARTPHONE**:
  * 1) **Download the privacyIDEA Authenticator app from [[https://play.google.com/store/apps/details?id=it.netknights.piauthenticator|Play Store Android]] or [[https://apps.apple.com/us/app/privacyidea-authenticator/id1445401301|Apple Store]]**
  * 2) Ensure the application opens without issues;
  * 3) Close the application for now and proceed to the next step.

===== 2. Linking the Application to Your Account =====

  * **ON YOUR COMPUTER**:
  * 1) Go to [[https://mfa.app.infn.it/]];
  * 2) Log in with INFN-AAI;
  * 3) In the window, select "**Enroll Token**" / "**Registra token**" on the left;
  * 4) Click the button at the bottom "**Enroll Token**" / "**Registra token**";
  * 5) A QR Code will be displayed;

  * **ON YOUR SMARTPHONE**:
  * 6) Open the OTP management application and scan the code on the computer (for privacyIDEA Authenticator, click the button at the bottom center);

  * **ON YOUR COMPUTER**:
  * 7) Read the six-digit OTP on your smartphone and enter it in the textbox under "**Please enter a valid OTP value of the new token**";
  * 8) Click the "**Verify Token**" button.

  * <color #ed1c24>WARNING: complete all steps - **up to verification - steps 7 and 8** - otherwise, two-factor authentication will not be activated!</color>

==== Demo Video ====
  * {{:cn:ccr:aai:doc:2fa:attivazione.mp4?400| }}
===== 3. Close and reopen the browser =====

  * The browser retains the state prior to obtaining the second factor, so to make it "forget" this state, it is necessary to close it.

===== 4. Using the OTP =====

  * From now on, every INFN-AAI login will also require entering the OTP.
  * Open the application on your smartphone and copy the displayed code.

===== Further Information =====
  * [[cn:ccr:aai:doc:2fa-en:]]
  * [[cn:ccr:aai:doc:2fa-en:app|]]