Setting up One-Time Passwords¶
Setting up your mobile device to generate these one-time passwords, so you can log into the BRC clusters, is fairly straightforward. It typically takes between 10 and 30 minutes, and you only need to do it once. Here's an overview of that process:
- Submit a form to receive a linking invitation email.
- Following the instructions in that email, login to the Token Management website with one of your personal accounts. You can use your UC Berkeley CalNet ID, or even your Facebook, Google, or LinkedIn account. That will link your personal account to your BRC HPC Cluster account.
- Install the Google Authenticator app on your smartphone or tablet.
- On the Token Management website, follow the instructions to create a new token. This will display a QR code onscreen.
- Using your smartphone or tablet camera, scan the QR code into Google Authenticator.
- Verify that Google Authenticator is now generating one-time passwords.
The video below describes the login process:
Installing and setting up Google Authenticator on a mobile device¶
Before you can log into the HPC clusters for the first time, you will need to install and set up Google Authenticator on at least one mobile device: a smartphone or tablet running Android or iOS. (If you don't have one of those devices, please complete Step 1 and then see Step 2, below.)
Here's the nine-step process for installing and setting up Google Authenticator:
1. In most instances, if you're visiting this page, you already have a BRC HPC Cluster account (i.e. an account on the Savio and/or Vector cluster). However, if you don't already have such an account, please request one. (If you're not sure, please contact BRC support.)
2. Link one of your personal accounts (University of California, Berkeley [i.e, your CalNet ID], Facebook, Google, or LinkedIn) with your BRC HPC Cluster account. This is typically a one-time process:
- To link these accounts, please complete and submit this form, anytime. You can expect to receive the linking invitation email from BRC support within 5 to 10 minutes thereafter. (The linking invitation email's subject line is, or will be similar to, "Invitation to link your personal account with BRC HPC Cluster account".)
- Follow the instructions in that email to complete the linking process.
- If you cannot locate the email, please check your Spam or Junk folder. And if you still can't locate it, please contact BRC support.)
3. After having linked your personal account with your BRC HPC Cluster account, then install the Google Authenticator app on your smartphone or tablet running Android or iOS.
(If you do not have a device capable of running the Google Authenticator app, we recommend using the Authy app.)
In the Google Play store or iOS App Store on your smartphone or tablet, search for and install "Google Authenticator".
(Or else, for convenience, click the relevant button below:)
4. In your browser, on a second device, such as a laptop or desktop, visit the Non-LBL Token Management web page.
5. Click the button for your personal account ("external identity") that you have linked in Step 2, then follow the onscreen instructions to log in with your credentials for that account.
If, when doing so, you encounter the error message, "Login Error: There was an error logging you in. The account that you logged in with has not been mapped to a system account", please complete Step 2, above, and then return back here and re-try this step.
- From the “Token Management” page which appears, create a token by clicking on “Add an HPC Cluster/Linux Workstation token” and following the onscreen instructions.
Remember the PIN that you are setting on the token. Note that the PIN can be similar to a typical account password and does not have to be a 4-digit number.
After you’ve successfully created your new token, a QR code for that token will then be displayed.
7. Back on your smartphone or tablet, from the menu of the Google Authenticator app, select “Add an account” and then “Scan a barcode”.
8. Scan that QR code. (This will store the token in Google Authenticator.)
If your device does not already have a QR code reader app installed, the Google Authenticator app may first lead you through the process of installing one. Some newer versions of the Google Authenticator app now have a built-in ability to scan QR codes.
- Verify that the Google Authenticator app is now generating one-time passwords.
The one-time password will be displayed under the name “Lawrence Berkeley National Laboratory” in that app.