(Figure: TOTP settings can be copied between devices; the TOTP is entered on the login screen.)
This manual explains how to add an extension to your PC web browser and display the TOTP in the browser so that you can start using multi-factor authentication. First, complete the initial settings and confirm that they work. Then set up reception of the “One Time Password (OTP)” by email at an address other than your Kyoto University email (@kyoto-u.ac.jp), for use when you forget your smartphone at home, when it breaks down, etc.
The second half of the manual describes settings that can be added according to your usage. If you use multiple PCs, want to copy the settings to your smartphone, or expect your PC to change due to personnel changes, please make the additional settings as necessary.
Published by Institute for Information Management and Communication
[Required settings]
Display and use TOTP on a PC web browser
Initial setup procedure for multi-factor authentication

Step 1 (Perform on PC): Preparation (Install the TOTP display function on the browser)
Step 2 (Perform on PC): Setting up the activation procedure and TOTP display function on the procedure site
Step 3: Confirmation of multi-factor authentication usage (TOTP display on Web browser). Display TOTP on a web browser and confirm that multi-factor authentication is available.
Step 4: OTP mail reception settings. Register an email address.
*Register an address other than Kyoto University e-mail address that you can check e-mails from your workplace.
Step 5: Confirmation of multi-factor authentication usage (OTP received by email). Receive OTP by email and confirm that multi-factor authentication is available.

Setup completed
Thank you. Start using multi-factor authentication.
Additional settings can be made individually at any time once the settings up to this point ([Display and use TOTP on Web browser of PC]) are complete.
However, if you use a different PC at the university and at home (for example, if you use multiple terminals or browsers), such as when working from home, be sure to continue your setting by following the instructions in “[Additional settings 1] Another PC (or Web browser) to display and use”.
If you are having trouble setting up, the Information Environment Support Center is here to help you.
Please set up multi-factor authentication when you have enough time.
For the latest information and details, please see the web page for the multi-factor authentication start guide: https://u.kyoto-u.jp/mfa
Multi-Factor Authentication Setup Manual
Display on Web Browser "W"
(2nd edition)
Sep. 14, 2020
TOTP: Time-based one-time password
OTP: One-time password
Cautions
Please note the following points when making the settings in this manual.
- If more than one person is sharing a PC, or if you don't have separate accounts for each user, they will need to use their smartphones. The reason is that it is impossible to set up the initial setup for each user on the PC. Please refer to the Multi-Factor Authentication Getting Started Manual "S" for the configuration of each
[Additional setting 1] Display and use TOTP on another PC (or Web browser)
Step 1 (Perform on PC): Save the setting details
Step 2 (Perform on PC): Preparing to use another PC (or Web browser)
Step 3 (Perform on PC): Importing TOTP settings
Step 4: Confirmation of multi-factor authentication usage (TOTP display on Web browser). Display TOTP on a web browser and confirm that multi-factor authentication is available.
How to delete files from KUMail storage

[Additional setting 2] Display and use TOTP on a smartphone (or tablet)
Setting procedure for displaying the same TOTP on smartphone
Step 1 (Do with your smartphone): Preparation (Installation of TOTP display app)
Step 2 (Perform on PC + smartphone): Duplicate TOTP information
Step 3: Confirmation of multi-factor authentication usage (TOTP display on smartphone application). Display TOTP on the smartphone app and confirm that multi-factor authentication is available.
[Required settings] Display and use TOTP on a PC web browser

Step 1: Preparation (Install the TOTP display function on the browser)
(Perform on PC)

①
Add “Authenticator” extension to browser.
Add the “Authenticator” extension to the web browser of your PC.
*Use one of the following three browsers: Firefox, Chrome, or the new Edge (Chromium version).

The Authenticator extension cannot be added to Safari, Internet Explorer (IE), or old Edge.
First, complete the setup with one of the recommended browsers below. After that setup, you can use the recommended browser or smartphone app to get your TOTP. You can enter that TOTP into IE or Safari so that you can authenticate in IE or Safari as well.

Firefox
Visit https://addons.mozilla.org/firefox/addon/auth-helper/
Click “Add to Firefox” (+ Firefoxへ追加).
Click “Add” (追加).
Click “OK”.

Chrome
Visit https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai
Click “Add to Chrome” (Chrome に追加).
Click “Add extension” (機能拡張を追加).
Click the extension icon on the toolbar and click the pin mark that locks the Authenticator extension.

Edge (Chromium Version)
Visit https://microsoftedge.microsoft.com/addons/detail/authenticator/ocglkepbibnalbgmbachknglpdipeoio
Click “Install” (インストール).
Click “Add extension” (機能拡張の追加).
Click “Enable sync” (同期を有効にする).

In each browser, the Authenticator icon is added to the toolbar. Click this icon to use Authenticator from now on.
*The display may differ depending on the PC environment.
If you cannot find the Authenticator icon in the toolbar, check the “Extensions*” list of each browser.
*The name differs depending on the browser, for example “Other tools” or “Settings, etc.”.

②
Make sure that the clock on the PC to which you have added the extension is correct.
*If the time is not correct, an error will occur in Step 2 ③. Please make sure to check the time setting before you start.
Step 2: Setting up the activation procedure and TOTP display function on the procedure site
(Perform on PC)

①
Setting of multi-factor authentication
Access the activation procedure site (ID Management System):
https://idmpch1.iimc.kyoto-u.ac.jp/mfach/LoginServlet
Enter your SPS-ID and password, then click “Login”.
Click “OK” on the confirmation screen.
Click “OK” on the activation completion screen.
After this is done, multi-factor authentication will be available and it cannot be reversed.

If the authentication method selection screen is displayed: Multi-factor authentication is already activated. Start by setting the password as follows:
Select “One-time password (token)” from the pull-down menu and click “Select”.
Click “Click here if you have not initialized your one-time password (TOTP) yet”.

②
Initial setting of TOTP
The QR code is displayed.
Click the Authenticator icon on the toolbar.
Click the QR code scan mark on the Authenticator.
The Authenticator enters scan mode; drag so that the selection surrounds the QR code.
Click “OK”.
If you cannot find the Authenticator icon in the toolbar, check the “Extensions*” list of each browser.
*The name differs depending on the browser, for example “Other tools” or “Settings, etc.”.
If you complete registration and confirmation using this QR code, the TOTP you registered previously will become invalid (the displayed 6-digit value will be different).
If the QR code is not recognized here, enter it manually. Go to page 12 “If the QR code is not recognized”.
To complete the preparation for linking TOTP with the application and authentication system, be sure to perform the following “③ Confirmation of TOTP”. If you interrupt this process, you will not be able to log in with the TOTP displayed.

③
Confirmation of TOTP
Enter the 6-digit TOTP displayed on the Authenticator.
Click “Confirm”.
Click “Register” to link the Authenticator of the browser with the multi-factor authentication of Kyoto University.
If the clock setting on your PC is incorrect, the correct 6-digit TOTP will not be displayed. Even if you enter this TOTP, you will not be able to authenticate (login).

④
Log out from the setting page
After switching to the setting completion screen, click the menu icon in the upper right and select “Logout”.
*Log out here so that you can then check the operation of multi-factor authentication.
Step 3: Confirmation of multi-factor authentication usage (TOTP display on Web browser)
Display TOTP on a web browser and confirm that multi-factor authentication is available
TOTP: Time-based one-time password

①
Confirm that multi-factor authentication is available
Access the following page.
Multi-factor authentication system settings page https://auth.iimc.kyoto-u.ac.jp/user/
Input your SPS-ID and password. Click the “Login” button.

②
Select authentication method
Select “One-time password (token)” from the pull-down menu and click “Select”.

③
One-time password login
Enter the 6-digit TOTP displayed, check “Trust this browser” and click “login”.
*If you are using a PC that is shared with other people, do not check “Trust this browser” as it may reduce security.
If you check “Trust this browser”, you will be able to log in with only your SPS-ID and password when you log in again with the same browser within a certain period of time.

Completion of certification
When the screen shown on the right is displayed, the setup is complete.
Follow the steps in Step 4. Then you will be able to receive the OTP via email. Please set this up in advance; you will need it in case you leave your smartphone at home or if it breaks down.
Step 4: Register an email address
OTP mail reception settings

After setting up the multi-factor authentication for the first time in Step 4, please set up email address for confirmation of use and OTP reception in Step 5. Please set up your email in advance in case you forget your smartphone at home or your smartphone malfunctions. The email address will be used when TOTP is not available. Therefore, you need to set an email address that can be accessed by web browsers or other browsers, not a faculty/staff email address. It is preferable that the email address is not a faculty/staff email address.

①
Set the email address for getting the account
Access the following page.
Multi-factor authentication system settings page https://auth.iimc.kyoto-u.ac.jp/user/
Input your SPS-ID and password. Click the “Login” button.
Select the account settings.
Input the email address for getting OTP and click the refresh button.
Please register an e-mail address other than your Kyoto University Mail for Faculty and Staff (KUMail) address, one that allows you to check e-mails from your workplace with a web browser.
*Also, do not register other email addresses that are being forwarded to Kyoto University Mail for Faculty and Staff (KUMail) by the automatic forwarding setting.
You cannot register your Kyoto University Mail for Faculty and Staff (KUMail) address.
Kyoto University Mail for Faculty and Staff (KUMail) : ex. [email protected]
ref:
Web site of Institute for Information Management and Communication: About Faculty and Staff Mail (KUMail)
http://www.iimc.kyoto-u.ac.jp/en/services/mail/kumail/

Step 5: Confirmation of multi-factor authentication usage (OTP received by email)
Receive OTP by email and confirm that multi-factor authentication is available
OTP: One-time password

①
Make sure that the settings in Step 4 are complete.
First, access the link for logout from multi-factor authentication
https://auth.iimc.kyoto-u.ac.jp/pub/logout.php and log out of multi-factor authentication as well.
If you don't do this, because of the "Trust this browser" checkbox the step ② will be skipped. As a result, you
Access the following page.
Multi-factor authentication system settings page https://auth.iimc.kyoto-u.ac.jp/user/
Input your SPS-ID and password. Click the “Login” button.

②
Select authentication method
Select “One-time password (token)” from the pull-down menu and click “Select”.
Click the link “Click here if you cannot login”.
If you click “Yes” to confirm the one-time password transmission, the one-time password will be sent to the notification email address.

③
OTP login
Enter the OTP sent to the notification email address. Check “Trust this browser”.
Click “Login”.
*If you are using a PC that is shared with other people, do not check “Trust this browser” as it may reduce security.
If you check “Trust this browser”, you will be able to log in with only your SPS-ID and password when you log in again with the same browser within a certain period of time.

Completion of certification
When the screen shown on the right is displayed, the setup is complete.

This is the end of the setup. However, if you use a different PC at the university and at home (for example, if you use multiple terminals or browsers), such as when working from home, be sure to continue your setting by following the instructions in “[Additional settings 1] Another PC (or Web browser) to display and use”.
For the latest information and details, please see “Web page for multi-factor authentication start guide”
https://u.kyoto-u.jp/mfa
If you have any questions, please contact the following.
Institute for Information Management and Communication
ICT Support Center
Inquiry form: https://www.iimc.kyoto-u.ac.jp/en/inquiry/
If the QR code is not recognized
❶ Click “OK” on the error message screen of “Unable to recognize QR code.”
❷ Click “If the QR code cannot be read”.
❸ Copy the word “secret”.
❹ Click the edit mark of Authenticator.
❺ Click “+”.
❻ Click “Manual Entry”.
❼ Enter an arbitrary name in “Issuer”. Paste the character string copied in ❸ into “Secret”. Click “OK”.
❽ Check that the 6-digit TOTP is displayed on the Authenticator and click “Register”.
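What an authenticator computes from the “secret” pasted in ❼, and why the clock notes in this manual matter, as an added example that is not part of the original manual or of the Authenticator extension. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step) and a verifier that accepts one step either side of its own clock; the manual does not state the university server's actual settings, and the secret below is a constructed sample.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step: RFC 6238 default, assumed (not stated in the manual)
DIGITS = 6   # the manual shows 6-digit codes


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret as it would be pasted into a manual-entry "Secret" field."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # displayed secrets usually omit the padding
    return base64.b32decode(cleaned)


def totp(key: bytes, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code: HOTP (RFC 4226) over the number of steps since the Unix epoch."""
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key: bytes, submitted: str, server_time: float, window: int = 1):
    """Return the step offset that matched (-window..window), or None if rejected."""
    for drift in range(-window, window + 1):
        expected = totp(key, server_time + drift * STEP)
        if hmac.compare_digest(expected, submitted):
            return drift
    return None


def skew_report(key: bytes, server_time: float, skews):
    """For each client clock error (seconds): the code shown and the verifier's result."""
    rows = []
    for skew in skews:
        code = totp(key, server_time + skew)  # what the device with the wrong clock displays
        rows.append((skew, code, verify(key, code, server_time)))
    return rows


# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
# The secret is the only key material, so every device holding it shows the same codes.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET)
    server_now = 1111111109  # a timestamp from the RFC 6238 test vectors
    for skew, code, matched in skew_report(key, server_now, [0, 25, -40, 120, -3600]):
        verdict = "rejected" if matched is None else f"accepted (step offset {matched:+d})"
        print(f"client clock off by {skew:+6d}s -> shows {code} -> {verdict}")
```
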
[Additional setting 1]
Display and use TOTP on another PC (or Web browser)

How to display the same TOTP on a different PC
If you wish to use the currently used TOTP by displaying it on a web browser of another PC, add this setting. This setting is necessary when you change your PC due to transfer within the university, when the PC you use at the university is different from the one you use at home, or when you are using multiple browsers on the same PC.
TOTP: Time-based one-time password

Step 1: Save the setting details
(Perform on the PC already used for multi-factor authentication)

①-1
Export the setting details of the Authenticator
Click the Authenticator icon on the toolbar of the PC on which multi-factor authentication is already set up.
Click on the Authenticator setting.
Click “Security” (セキュリティ).
Set the password and click “OK”.
The password you set here will be used in [Additional setting 1] Step 3 “② Import the authenticator setting details” (p.19).
Click “OK”.

①-2
Saving and reviewing backup file
Click “Export/Import” (エクスポート/インポート).
Click “Download Password-Protected Backup” (パスワードで保護されたバックアップをダウンロード).
Check “Save the file” and click “OK”; the backup file named “authenticator.json” will then be saved.
(Make sure you have the backup file - authenticator.json - in your download folder.)
*Depending on your browser, the dialog shown on the right may not be displayed. The authenticator.json should be in the download location you've set up.
Do not click directly on the backup file named authenticator.json. If you click on it, you may get an error saying that there are no supported programs. Alternatively, an unrelated program may be launched and you may not be able to use the file. The authenticator.json should be used for importing from the plugin in Step 3.

①-3
Release the security settings.
Once you set a password in ①-1, you have to enter the password to get the TOTP whenever the browser is restarted. Since you have already exported the authenticator.json with the password, you should remove the password setting here.
Click on the Authenticator setting.
Click “Security” (セキュリティ).
Click "Delete". This will remove the password.
*You do not need to enter your password.

②
Uploading the backup file
Access the KUMail storage https://fsv.iimc.kyoto-u.ac.jp/
and log in with your SPS-ID and password. Then click “My folder”.
Click “Upload”.
Drag the backup file named “authenticator.json” and drop it on the browser.
Click “Close” when the upload is complete.
Step 2: Preparing to use another PC (or Web browser)
(Perform on another PC newly used for multi-factor authentication)

It is the same procedure as page 3 of this manual.

①
Add “Authenticator” extension to browser.
Add the “Authenticator” extension to the web browser of the other PC newly used for multi-factor authentication.
*Use one of the following three browsers: Firefox, Chrome, or the new Edge (Chromium version).

The Authenticator extension cannot be added to Safari, Internet Explorer (IE), or old Edge.
First, complete the setup with one of the recommended browsers below. After that setup, you can use the recommended browser or smartphone app to get your TOTP. You can enter that TOTP into IE or Safari so that you can authenticate in IE or Safari as well.

Firefox
Visit https://addons.mozilla.org/firefox/addon/auth-helper/
Click “Add to Firefox” (+ Firefoxへ追加).
Click “Add” (追加).
Click “OK”.

Chrome
Visit https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai
Click “Add to Chrome” (Chrome に追加).
Click “Add extension” (機能拡張を追加).
Click the extension icon on the toolbar and click the pin mark that locks the Authenticator extension.

Edge (Chromium Version)
Visit https://microsoftedge.microsoft.com/addons/detail/authenticator/ocglkepbibnalbgmbachknglpdipeoio
Click “Install” (インストール).
Click “Add extension” (機能拡張の追加).
Click “Enable sync” (同期を有効にする).

In each browser, the Authenticator icon is added to the toolbar. Click this icon to use Authenticator from now on.
*The display may differ depending on the PC environment.
If you cannot find the Authenticator icon in the toolbar, check the “Extensions*” list of each browser.
*The name differs depending on the browser, for example “Other tools” or “Settings, etc.”.
Step 3: Importing TOTP settings
(Perform on another PC newly used for multi-factor authentication)

①
Download Backup File
On the other PC newly used for multi-factor authentication, access the KUMail storage https://fsv.iimc.kyoto-u.ac.jp/
and log in with your SPS-ID and password. Then click “My folder”.
You can find the “authenticator.json” uploaded in Step 1. Click “authenticator.json” and it will be downloaded.
See page 21 for how to delete a file uploaded to storage.
Do not click directly on the backup file named authenticator.json. If you click on it, you may get an error saying that there are no supported programs. Alternatively, an unrelated program may be launched and you may not be able to use the file.

②
Import the authenticator setting details
Click the setting icon on the Web browser.
Click “Export/Import” (エクスポート/インポート).
Click “Import Backup” (バックアップのインポート).
Select the backup file - authenticator.json - that you downloaded in ①.
Enter the password and click “OK”.
Enter the password that you set in [Additional setting 1] Step 1 “①-1 Export the setting details of the Authenticator” (p.13).
Click “OK”.
Step 4: Confirmation of multi-factor authentication usage (TOTP display on Web browser)
Display TOTP on a web browser and confirm that multi-factor authentication is available
TOTP: Time-based one-time password

①
Confirm that multi-factor authentication is available
Access the following page.
Multi-factor authentication system settings page https://auth.iimc.kyoto-u.ac.jp/user/
Input your SPS-ID and password. Click the “Login” button.

②
Select authentication method
Select “One-time password (token)” from the pull-down menu and click “Select”.

③
One-time password login
Enter the 6-digit TOTP displayed, check “Trust this browser” and click “login”.
*If you are using a PC that is shared with other people, do not check “Trust this browser” as it may reduce security.
If you check “Trust this browser”, you will be able to log in with only your SPS-ID and password when you log in again with the same browser within a certain period of time.

Completion of certification
When the screen shown on the right is displayed, the setup is complete.
How to delete files from KUMail storage
Here's how to delete a file uploaded to storage.
Choose the file you want to delete.
Click “File Operation” and choose “Delete” from the pull-down menu.
Click the “Delete” button to delete the file.
[Additional setting 2]
Display and use TOTP on a smartphone (or tablet)

Setting procedure for displaying the same TOTP on smartphone
Add this setting if you want to use the currently used TOTP by displaying it on your smartphone or tablet. Be sure to scan the QR code on your web browser. Please note that if you regenerate the QR code on the activation procedure site, the previous QR code will be invalidated.
TOTP: Time-based one-time password

Step 1: Preparation (Installation of TOTP display app)
(Do with your smartphone)

If you already have the Authenticator app installed:
①
Switch to scan mode
(Screen is iPhone application)
Click the app icon.
Click “+”.
Click “Scan Bar Code” to enter scan mode.
*You will use scan mode in Step 2.

When installing the Authenticator app for the first time:
①
Install the application on the smartphone and set it to scan mode.
(Screen is iPhone application)
iPhone app “Google Authenticator”
https://apps.apple.com/jp/app/google-authenticator/id388497605
App for Android “Google Authentication System”
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
Click “Get”.
Click “Start setup”.
Click “Scan Bar Code” to enter scan mode.
*You will use scan mode in Step 2.

Step 2: Duplicate TOTP information
(Perform on PC + smartphone)

②
Copy the TOTP information set in the PC browser to the smartphone
Click the Authenticator icon on the toolbar of the PC on which multi-factor authentication is already set up.
Click on the Authenticator code icon. If you move the mouse cursor close to the display area, the code icon will be displayed.
The QR code is displayed on the PC screen.
Scan the QR code on the PC screen in the scan mode of the Authenticator application on the smartphone.
TOTP can now be generated with the Authenticator application on the smartphone.

Step 3: Confirmation of multi-factor authentication usage (TOTP display on smartphone application)
Display TOTP on the smartphone app and confirm that multi-factor authentication is available

①
Access the login screen of the multi-factor authentication compatible service (faculty staff groupware/Kyoto University Mail for Faculty and Staff Mail: KUMail, Google Calendar, etc.).
Here is an example of how to access faculty groupware. Enter your SPS-ID and password and click “Login”.

②
Select authentication method
Select “One-time password (token)” from the pull-down menu and click “Select”.

③
One-time password login
Enter the 6-digit TOTP displayed on the Authenticator app on your smartphone and check “Trust this browser”.
Click “Login”.
*If you are using a PC that is shared with other people, do not check “Trust this browser” as it may reduce security.
If you check “Trust this browser”, you will be able to log in with only your SPS-ID and password when you log in again with the same browser within a certain period of time.
If the clock setting on the smartphone (tablet) is incorrect, the correct 6-digit TOTP will not be displayed. You cannot log in (authenticate) even if you enter it.

Completion of certification
When the screen shown on the right is displayed, the setup