This guide will walk you through the steps to map your Ubuntu user account to your idQ Trusted device to enable idQ Enterprise push notification as the second authentication factor for login. It also describes how to login to Ubuntu server with idQ Enterprise push notification as a second authentication factor once your account has been mapped to the idQ Enterprise platform.



These instructions require

  • Ubuntu Linux server that includes
    • idQ PAM for Ubuntu connector installed
    • SSH compatible terminal application
  • Valid Linux user account that has been configured to use idQ push notification as the second authentication factor
  • Mobile device
    • idQ Access app installed, registered with idQ Enterprise
    • Internet access


First Time Login: Map Your Linux Account to Your idQ Enterprise User Account


 


Before you can log in using two factor authentication with idQ push notification, you must first map your Linux account to your idQ account.

There are two ways that two factor authentication (2FA) can be configured using idQ PAM for Linux:

  1. 2FA with username/password as the first authentication factor, and idQ Enterprise push notification as the second authentication factor
  2. 2FA with RSA as the first authentication factor, and idQ Enterprise push notification as the second authentication factor

Follow the appropriate instructions to map the desired 2FA configuration to your idQ account.


  Two Factor Authentication Using Username/Password and idQ Enterprise Push Notification


  1.  Log into the Ubuntu Server
  2. A QR code will be displayed on the SSH terminal.
  3. Launch the idQ Access app on your mobile device.
  4. Scan the QR code with idQ Access app. 

  5. If a password is required to authorize the mapping between a Linux account and an idQ account, you will need to input your Linux password. 

  6. A push notification will be sent to your mobile device so that you can authorize the mapping of the Linux account to your idQ account.  Approve the request using idQ Access

  7. You have now successfully mapped your Linux account to your idQ account.

    You will not yet have been authenticated. You will see an Access Denied message indicating that you have not been logged in.  

    • You will be prompted to enter your password again for primary authentication to log in. Enter your Linux password.

    • Another push notification will be sent to your mobile device for secondary authentication if your username/password credential has been validated.  Use idQ Access to approve the request.

  8. This will complete the two-factor authentication process and you will be logged in to your Linux account.


Two Factor Authentication Using RSA and idQ Enterprise Push Notification


  1.  Log into the Linux Server with RSA private key certification for the first time.

  2. A QR code is displayed on the SSH terminal.
  3. Launch the idQ Access app on your mobile device.
  4. Scan the QR code with idQ Access app. 

  5. Once the mapping between your Linux account and your idQ account has been accomplished, you will be logged in to your Linux account.


Login to Your Linux Account


Follow the instructions for the 2FA configuration that applies to your Linux account for login.


Login Using Two Factor Authentication With Username/Password and idQ Enterprise Push Notification


  1.  Perform an SSH login request from your SSH Terminal and input your Linux password.

  2. A push notification will be sent to your mobile device.
  3. Approve the request using idQ Access on your mobile device.
  4. You will be logged into your Linux account.


Login Using Two Factor Authentication With RSA and idQ Enterprise Push Notification


  1.  Perform an SSH login request from your SSH Terminal and submit private key certification.

  2. A push notification will be sent to your mobile device.

  3. Approve the request using idQ Access on your mobile device.

  4. You will be logged into your Linux account.


 



Congratulations! You have completed the installation and configuration of idQ PAM for Ubuntu by following these instructions for your specific Ubuntu platform. If you have any issues with configuring or using idQ PAM for Ubuntu, please contact support@inbaytech.com for assistance.


First Time Login from Windows platform to Linux box


The standard Windows PuTTY does not support QR code. User should login to Linux box via putty using a user account which is not part of the idQ PAM user group. It can be a guest user account. The QR code can be displayed through ssh.


Steps to follow: 


  1. Open Windows Putty and ssh login to Ubuntu platform with an account which hasn't been mapped to idQ Enterprise yet (i.e. use a guest user account).
  2. A QR code will be displayed on the SSH terminal.
  3. Launch the idQ Access app.
  4. Scan the QR code with idQ Access app. 

  5. If a password is required to authorize the mapping between a Linux account and an idQ account, you will need to input your Linux password. 

  6. A push notification will be sent to your mobile device so that you can authorize the mapping of the Linux account to your idQ account. Approve the request using idQ Access

  7. You have now successfully mapped your Linux account to your idQ account.

    If you are using account / password as your first authentication method, you will not yet have been authenticated. You will see an Access Denied message indicating that you have not been logged in.  

    • You will be prompted to enter your password again for primary authentication to log in. Enter your Linux password.

    • Another push notification will be sent to your mobile device for secondary authentication if your username/password credential has been validated.  Use idQ Access to approve the request.

  8. This will complete the two-factor authentication process and you will be logged in to your Linux account.


  • No labels