Verified Commit 77e03be7 authored by Nicolas Froger's avatar Nicolas Froger
Browse files

accounts: add bocal 2fa

Signed-off-by: Nicolas Froger's avatarNicolas Froger <>
parent 8f32859c
Pipeline #157637 passed with stages
in 1 minute and 5 seconds
# Bocal 2FA
Two-factor authentification (2FA) is becoming mandatory on Bocal accounts on
**Wednesday the 9th of March, 2022**. In case you already set up 2FA earlier
and you changed phone number or removed the authenticator app, you need to
remove the old method or **you will lose access to your account**.
## Remove an old 2FA method
!!! warning
You need to follow these steps before **Wednesday the 9th of March, 2022**
if you set up 2FA in the past and changed phone numbers afterwards. You also
have to do this if you set up the Microsoft Authenticator app (or any TOTP
app) and uninstalled it without disabling it in your account settings. If
you don't follow this, **you will lose access to your account** when 2FA
will be mandatory again.
* Go to the [Office356 Portal](
* On the top right corner of the page, click on your initials, then on "View
* Click on "Security info".
![Security info](assets/2fa_update_1.png)
* Next to the old 2FA method, click on "Delete".
![Delete 2FA method](assets/2fa_update_2.png)
## Add a 2FA method
When 2FA will be mandatory again, you will be forced to add a method on your
next attempt to use your Office account.
* On your next login, you will be redirected to [this page](
### Use your phone number
This method will make you receive a SMS message or a phone call every time you
login to your Office account.
!!! note
This method can be unreliable as it can take up to a few minutes for
Microsoft to send you the message. Multiple tries are sometimes required.
* Fill in the page as follow with your phone number.
![Add phone](assets/2fa_add_phone_1.png)
* You should receive a SMS message from Microsoft with a code.
![SMS code](assets/2fa_add_phone_2.jpg)
* Fill in the code in the page and click "Verify".
![SMS code in page](assets/2fa_add_phone_3.png)
### Use a TOTP app
This method uses an app and a time-based algorithm to generate codes that you
can use to login. This method is much more reliable as code generation is done
offline, so you don't have to wait for a message to come. This method requires a
smartphone with a TOTP app installed, such as Google Authenticator
Microsoft Authenticator
or [andOTP]( (FOSS,
Android only). If you don't want to use your smartphone, you can use your
computer with [WinAuth](
(Windows only).
* Select "Mobile app" and check "Use verification code".
![TOTP mobile app](./assets/2fa_totp_1.png)
* If you want to use Microsoft Authenticator:
* Open the app on your phone.
* Touch the + sign in the top right corner.
* Touch "Add an account" and choose "Work or school account".
* Scan the QR code.
* If you want to use another app:
* Click on "Configure app without notifications".
* Open the app on your phone and add an account.
* Flash the QR code when asked.
* Click "Next" then "Next" again.
* Enter the code as seen in the app and click "Verify". Make sure you do it
before the code expires, otherwise you will have to do it again.
* Fill in the form with your phone number and click "Done", it will be used in
case you uninstall the app without disabling 2FA in your account settings.
![TOTP mobile app](./assets/2fa_totp_2.png)
## Setting up Thunderbird with 2FA
Thunderbird needs a special configuration in order to work with 2FA.
**To add the account:** (skip if account already added to Thunderbird)
* If this is the first time you open Thunderbird, you should have a form to add
a new account. If not, go to ☰ > New > Existing Mail Account
* Fill in your name and your EPITA email address. You don't need to put your
password here.
![Add account](assets/2fa_thunderbird_init.png)
* Click on "Continue" then "Done".
* Close the tab, you should be on the main Thunderbird window.
**To fix the account for 2FA:**
* When prompted for a password, click on "Cancel".
* In the left sidebar, right-click on your EPITA email address and click on
* Under your EPITA email account, click on "Server settings"
* In "Authentication method", select "OAuth2".
![Thunderbird server settings](assets/2fa_thunderbird_serversettings.png)
* Close the tab.
* Click on "Inbox" under your EPITA account in the left sidebar.
* A new window should open, login with your Bocal account.
![Thunderbird server settings](assets/2fa_thunderbird_login1.png)
* Login with 2FA
* Click "Authorize" if asked
* Click on "Get Messages" in the top toolbar, this should fetch new folders and
......@@ -13,6 +13,7 @@ nav:
- Accounts:
- CRI and Bocal accounts: 'accounts/'
- Recover and modify passwords: 'accounts/'
- 'accounts/'
- Working from school:
- PIE: 'from_school/'
- 'from_school/'
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment