Setting up One-Time Passwords¶
Setting up your mobile device to generate these one-time passwords, so you can log into the BRC clusters, is fairly straightforward. It typically takes a few minutes, and you only need to do it once. Here's an overview of that process:
- Automatically receive an account linking invitation email with instructions to link your personal account with your BRC HPC Cluster account.
- Following the instructions in that email, login to the Token Management website with one of your personal accounts. You can use your UC Berkeley CalNet ID, or even your Google (Gmail) account. That will link your personal account to your BRC HPC Cluster account.
- Install the Google Authenticator app on your smartphone or tablet.
- On the Token Management website, follow the instructions to create a new token. This will display a QR code onscreen.
- Using your smartphone or tablet camera, scan the QR code into Google Authenticator.
- Verify that Google Authenticator is now generating one-time passwords.
The video below describes the login process:
Installing and setting up Google Authenticator on a mobile device¶
Before you can log into the HPC clusters for the first time, you will need to install and set up Google Authenticator on at least one mobile device: a smartphone or tablet running Android or iOS. (If you don't have one of those devices, please complete Step 1 and then see Step 2, below.)
Here's the nine-step process for installing and setting up Google Authenticator:
1. In most instances, if you're visiting this page, you already have a BRC HPC Cluster account (i.e. an account on the Savio and/or Vector cluster). However, if you don't already have such an account, please request one. (If you're not sure, please contact BRC support.)
2. Link one of your personal accounts (e.g., University of California, Berkeley CalNet ID, Google, etc.) with your BRC HPC Cluster account. This is typically a one-time process:
- New users will automatically be sent a linking invitation email from BRC support during the account creation process with the subject line "Invitation to link your personal account with BRC HPC Cluster account". New Savio users who use an @lbl.gov email will not receive a linking invitation email.
- Follow the instructions in that email to complete the linking process.
- If you cannot locate the email, please check your Spam or Junk folder. Or, if the link expires or you still can't locate the email, then you can request that a new linking invitation email be sent to you by navigating to your user profile on the MyBRC User Portal and clicking on “Request Linking Email” at the bottom of the page. Once requested, you will receive an email containing instructions on how to link your accounts within an hour. The status of the request will also be available on the profile page. If you have not received the email within an hour or so (including in your Spam or Junk folder), please contact BRC support.
3. After having linked your personal account with your BRC HPC Cluster account, then install the Google Authenticator app on your smartphone or tablet running Android or iOS.
(If you do not have a device capable of running the Google Authenticator app, we recommend using the Authy app.)
In the Google Play store or iOS App Store on your smartphone or tablet, search for and install "Google Authenticator".
(Or else, for convenience, click the relevant button below:)
4. In your browser, on a second device, such as a laptop or desktop, visit the Non-LBL Token Management web page.
5. Click the button for your personal account ("external identity") that you have linked in Step 2, then follow the onscreen instructions to log in with your credentials for that account.
If, when doing so, you encounter the error message, "Login Error: There was an error logging you in. The account that you logged in with has not been mapped to a system account", please complete Step 2, above, and then return back here and re-try this step.
- From the “Token Management” page which appears, create a token by clicking on “Add an HPC Cluster/Linux Workstation token” and following the onscreen instructions.
Remember the PIN that you are setting on the token. Note that the PIN can be similar to a typical account password and does not have to be a 4-digit number.
After you’ve successfully created your new token, a QR code for that token will then be displayed.
7. Back on your smartphone or tablet, from the menu of the Google Authenticator app, select “Add an account” and then “Scan a barcode”.
8. Scan that QR code. (This will store the token in Google Authenticator.)
If your device does not already have a QR code reader app installed, the Google Authenticator app may first lead you through the process of installing one. Some newer versions of the Google Authenticator app now have a built-in ability to scan QR codes.
- Verify that the Google Authenticator app is now generating one-time passwords.
The one-time password will be displayed under the name “Lawrence Berkeley National Laboratory” in that app.