Greeting HPC Users,

We are pleased to announce that DICC Single Sign On Service service is now publicly available. The page can be accessed at https://sso.dicc.um.edu.my/ with and without VPN connection.

Why is the DICC SSO Service introduced?

Since only one account is required to access all kinds of services hosted in DICC, we have been very cautious on controlling what users can and should do with their own account. We were always trying to protect user accounts from all sorts of security attacks.

Previously we did not allow users to perform self-serviced password recovery as we have no way to verify users identity automatically. VPN gateway authentication has also been a nightmare for users with newly created accounts due to very long random generated password.There are also more research-based web services to be introduced in the near future, so DICC SSO service is essential to manage the users from one centralized location.

What does this mean for HPC users?

All newly created users can now update their temporary password in the SSO page before attempting to establish a connection with the VPN Gateway. This should indirectly reduce the failed login attempt with the VPN gateway due to password typo. This should also reduce the time gap between account creation and first successful login to HPC resources.

Meanwhile, all users can now update their password directly in the SSO page. All expired passwords can now be changed via the SSO page, and no longer need to request assistance from the DICC administrator if one’s password has expired. However, disabled account due to a long period of inactivity will still require DICC Administrator verification to reactivate the account.

The system will no longer send out password expiry reminders to those accounts where the password is going to expire soon, as password recovery can be done anytime in the SSO page. There will still be a password expiry prompt in the HPC Login Node.

What can HPC users do with the DICC SSO service?

Other than the self-serviced password recovery feature, one can also enable Two Factor Authentication (2FA) for extra protection against password brute-force attack. However, the 2FA will only work for web based services and not SSH.

Documentation Update

We have updated the documentation with more information on how DICC SSO service works and how to better protect your account. Please visit this page for more information.

If you have any questions, please let us know through the service desk. Also, don’t forget to join the DICC Official Telegram Channel to receive the latest news and updates on the HPC cluster.

Thank you.

Categories: HPCNews