Open jrgriffiniii opened 4 years ago
Users also need to authenticate over the bastion host using the following command:
ssh -J libvijrg@epoxy.princeton.edu libvijrg@dataspace.princeton.edu
Where libvijrg
is the NetID of the service account with elevated access for the servers.
Document the process of setting the RSA PIN from the online dashboard for RSA token management. This is currently found on https://sdprsa200l.princeton.edu:7004/console-selfservice/SelfService.do.
https://princeton.service-now.com/service?id=sc_cat_item&sys_id=a8f092884f569e00f56c0ad14210c791 is the form needed to request a soft token.
Dept. ID should be LIB - Information Technology (41006). The fund should consistently be A0000
.
The following fields may be left blank:
The associated server hostname should only be dataspace.princeton.edu
. Please provide your service account NetID in the field Associated Elevated Service Account netID
.
Manager Authorized to Approve this request
should be Stephanie Ayers. New Token or Replacement should be New
. Software or Hardware Token
should be Software
, Is this a temporary Token?
should be No
.
Please also provide the Make, Model and Mobile Operating System for the smartphone which you will be using with the RSA SecurID app:
Make: Samsung Model: Galaxy S8 (Android 7) Mobile Operating System: Android
No other fields are required.
Users should receive a secure message (via e-mail) containing a confirmation that the request has been fulfilled.
Users need to install GlobalProtect for their smartphones, and then first access the link provided for them by OIT in order to import a soft token into the RSA SecureID smartphone app. Once this has been provided, the user should attempt to authenticate on to epoxy.princeton.edu.
Please also link to https://princeton.service-now.com/service?id=csm_sc_cat_item&sys_id=588cfb664fcd124022a859dd0210c7ca in the documentation for requesting support from OIT.
For each new user on the VMs, we will need to create OIT support requests in order to grant access for the new service account to escalate their own privileges to root, and to be able to authenticate through the bastion host.
Users are required to download https://apps.apple.com/us/app/rsa-securid-software-token/id318038618 to their iPhone, and to properly configure this for single sign-on.