Chunks Used in Chat #15

**Introduction** In order to make calls to some internal APIs, you’ll require an internal token generated through SSO.  This token allows you to verify your identity, and use any edge system managed through SSO via API, and it is not intended for external use. The permissions of the token are the same of the requesting user. Tokens can be generated for both Staging or Production environments. **Table of Contents** * * * ## Generating an Internal Token 1. Navigate to SSO Admin. On the bottom left side, click your name and select “ **Profile** ” 2. Click “ **Generate New Token** ” 3. A new personal token will be generated. Clicking over it will copy it, and you’ll be able to use it in any internal API that requires it. **Note** : - The newly generated token remains visible until the page is reloaded. In case of losing the personal token, you can regenerate your token anytime, but keep in mind that the old token becomes inactive after regeneration or after clicking the button **[Terminate all sessions]**. - The Staging token is only valid for Staging environments. To generate a Production token, navigate to [SSO Production](https://sso.tripledotapi.com/admin). ## Using your Personal Token Your personal token can be used to authenticate in any edge system managed through SSO that supports SSO personal tokens. You can still use the Game Server token for systems such as Level Editor. Below you’ll find an example of the Internal Localisation API: **Fetch existing localisations:** **Endpoint:** `/api/internal/localisations` _Example request:_ curl -X 'GET' \ 'https://localisations-server-staging.tripledotapi.com/api/internal/localisations?app_id=app_id_of_your_game' \ -H 'accept: text/csv' \ -H 'X-Authorization: your_personal_token' _Response:_ Key,Type,Desc,en,es test_key,text,some description,hello,hola If no valid token has been provided, the API will return an error (401): { "message": "Invalid access token", "code": 1000 } If no token is provided at all, the API will return a different error (400): { "message": "No token provided", "code": 1020 }

**Introduction** Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. 2FA is implemented to better protect both your credentials and the resources you can access with an extra layer of security. With your mobile phone and the app Google Authenticator (or any similar authenticator app) installed, you can easily access all Tripledot resources in a safe and secure way.  In this guide, you’ll find all you need to know about using 2FA at Tripledot. **Table of Contents** * * * ## Setting up 2-Factor Authentication ### 1. Download Google Authenticator to your Mobile Device Google Authenticator is an application that allows you to generate one-time passwords. These passwords will be required when logging into any Tripledot system, such as Game Server.  To download it, go to the Apple Store or Google Play, and look for “Google Authenticator”, or click the links below: - [](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) - [](https://apps.apple.com/es/app/google-authenticator/id388497605) Once the app is downloaded, it’s time to set it up for Tripledot. If you have a device that does not support Google Authenticator, you can download DUO instead. - [Google Play](https://play.google.com/store/apps/details?id=com.duosecurity.duomobile&hl=es_419&gl=US) - [App Store](https://apps.apple.com/es/app/duo-mobile/id422663827) ### 2. Scan the QR code You should have received an email with a QR code. This QR code is unique for you, and it will help you identify yourself and generate a one-time password. To read it, follow the instructions below: 1. Open the Google Authenticator app 2. Tap the plus sign on the bottom right corner, and tap “Scan QR code”  1. Scan the QR code in the email. Can’t find the email? Click [here](#sso-server) for further instructions.  1. A new 6-digit one-time password will be generated in your mobile device. Input it when required and you’ll be done!  - You will not be required to input this password every time, only when you’re logged out of TDS systems. - The one-time password expires after 30 seconds, and after that, a new one is generated. Be sure to input it quickly! ### Obtaining your QR code through SSO Server You can also obtain your QR code through SSO Server: 1. Navigate to [SSO Admin](https://sso.tripledotapi.com/admin), click your name on the bottom left corner, and select **[Profile].** 2. Scan the QR code with the Authenticator app. 3. Input the one-time password generated in your mobile device when required, and you will be done. ### Troubleshooting - **Who can I contact if I have issues setting up 2-factor authentication?** - **Help! I missed the deadline to log into SSO! What do I do now?** - **I’ve successfully logged in, but I got a new mobile phone. How do I authenticate now?** **If your phone has been stolen…** Google Authenticator codes are stored locally on your device. To remove the codes, use the remote erase device option for [iOS](https://support.apple.com/guide/icloud/erase-a-device-mmfc0ef36f/icloud) or [Android](https://support.google.com/accounts/answer/6160491?hl=en). If this option is unavailable, visit every site that you have Google Authenticator set up on to remove the codes, and then relink your new device. * * * ## For Access Managers This process applies only to Access Managers and Superadmins ### Generating a new QR code As an access manager, you can generate QR codes for users who require one. This process will generate a new email with a QR code so that they can authenticate. To generate a new email with a QR code, follow the steps below: 1. Navigate to [SSO Admin](https://sso.tripledotapi.com/admin) and click **[Users]** 2. Search for the user that requests the new QR code using the search bar 3. Click **[Send new QR code]** 4. You will be prompted with a verification. Click **[Yes]** to trigger the email. 5. A new email will be sent to the user and they will be able to authenticate.

- [Setting up 2FA in SSO](/wiki/spaces/KB/pages/3294298136/Setting+up+2FA+in+SSO) - [Generating SSO User Tokens](/wiki/spaces/KB/pages/3292790799/Generating+SSO+User+Tokens)