.. _2fa_get_token:

##################################################
Preparing Your Phone for Two Factor Authentication
##################################################

There are several steps needed to configure your phone for use with the SRCPS.

Securing Your Phone
*******************

Information on securing your device is in the SRCPS User security Policy. Please ensure this has been read and understood this before proceeding with configuring two factor authentication access.

Installing a Two Factor Authentication Application
==================================================

An application is needed to generate the one time login tokens which enable access to the SRCPS.

We support several mobile applications for both Android and iPhone:

+----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------+
| Application          | iPhone                                                                           | Android                                                                                                |
+----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------+
| FreeOTP              | `Yes <https://itunes.apple.com/gb/app/freeotp-authenticator/id872559395?mt=8/>`_ | `Yes <https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp/>`_                       |
+----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------+
| Google Authenticator | `Yes <https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8>`_   | `Yes <https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB>`_ |
+----------------------+----------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------+

Retrieving Your Token
*********************

Prerequisites
=============
* The Welcome email
* A mobile phone with a Two Factor token management token installed.

Adding a Token to a Mobile Phone
********************************

The welcome email will contain the login URL for the platform.

The user will be presented with a login page which looks similar to the image below.
Here the user will enter their Raven credentials to proceed.

.. figure:: ../img/srcp-login-page.png
    :align: center
    :alt: Login Page
    :figclass: align-center
    :scale: 30%

If this is the first time an user has attempted to in they will be presented with a prompt to configure Two Factor Authentication. It will look similar to the below image.

.. figure:: ../img/srcp-first-login.png
    :align: center
    :alt: 2fa Prompt
    :figclass: align-center
    :scale: 30%

    An Example 2FA Configuration prompt.

The page has a barcode on it, which may be scanned by a Two Factor Auth management application. There is a video below showing this process for an android handset:


.. raw:: html

    <div style="position: relative; padding-bottom: 5%; height: 0; overflow: hidden; margin-left: auto; margin-right: auto; max-width: 50%; height: auto;">
        <iframe src="https://player.vimeo.com/video/374700786" width="320" height="640" frameborder="0" allow="autoplay" allowfullscreen></iframe>
    </div>
    *An example of registering an Android phone with the SRCPS*

Recovering from a lost token or device
**************************************

If an user loses their TOTP codes or mobile device, they will be unable to access the platform until they have raised a support request with the SRCP Support Team, who at that point are the only people who can regenerate the user's TOTP codes. Before doing this however, the SRCP Support Team must go through a process to establish the real identity of this user. This involves confirming the reset with the SRCPS Client. 

.. warning::

    It is the responsibility of the SRCPS User to inform the SRCPS client their private token needs regenerating.

If you have lost your mobile device or token please submit a support request to the :ref:`SRCPS helpdesk <contact_us>`. The user must also notify the SRCPS Client; whom the SRCPS helpdesk contacts for approval. This must happen before the SRCPS helpdesk may issue a replacement token.

.. figure:: ../img/srcps-two-factor.jpg
    :align: center
    :alt: resetting your token diagram
    :figclass: align-center

    Process flow for resetting your private token

Once the Client has approved the token reset request and the User has demonstrated ownership of their password the Helpdesk will issue a new Private token.