Authentication

The service supports three ways to authenticate a user:

  1. Local username and password
  2. SURF SURFconext
  3. SURF Research Access Management (SRAM)

Options 1 and 3 are mutually exclusive: it is not possible to configure both at the same time. Options 1 and 2, however, can be configured together.

Only options 2 and 3 support two-factor authentication (2FA).

Local username and password

Local usernames and passwords are stored in two databases, which are on the same VM as the web portal.

SURF SURFconext 2FA

SURFconext is a bridge between the institute’s Identity Provider (IdP) and the web portal.

SURF Research Access Management (SRAM) 2FA

SRAM is a bridge between the institute’s Identity Provider (IdP) and the web portal, and it is the authorization source of truth for group management.

Data Access Password

A temporary token can be generated by the user in the web portal after logging in.

The token (Data Access Password) can be used to log in to DavRODS via WebDAV clients and to iRODS via the command line.

The Data Access Password mechanism is always enabled, regardless of the chosen authentication method.

Deprovisioning a user

Regardless of the authentication method, to completely remove a user from YODA and from iRODS, follow the steps explained here:

https://utrechtuniversity.github.io/yoda/administration/deprovision-users.html 
