DescriptionMulti-factor authentication (MFA) is rapidly becoming the de facto standard for access to all computing, whether via web, phone, or direct command-line access. HPC centers and other institutions supporting hundreds or thousands of users face challenging cost, licensing, user support, and infrastructure deployment decisions when considering a transition to MFA at scale.
This paper describes our experiences and lessons learned throughout the assessment, planning, and phased deployment of MFA across production systems supporting more than 10,000 accounts. It focuses on the ultimate curation, creation, and integration of a multitude of software components, some developed in-house and built to be compatible within existing HPC environments, and all of which are freely available for open source distribution. We motivate the development of this customized infrastructure by highlighting some of the particular needs of our research community. What follows is an information resource for others when considering their own MFA deployments.