There are many stages in the login process that can fail. SSH login to Shaheen uses two factor authentication, meaning you are verified using something you know (password or ssh key) and something you have (mobile device with OTP). In addition to this, there are extra layers that must be validated before access is successful:
- Active Directory account is not locked (usually caused by too many incorrect password entries).
- Active Directory account is not disabled (usually caused by AD account having reached expiry date)
- You must be logging in from an IP range or domain that was approved either as part of your Shaheen application or requested at a later date.
If your password attempt fails, the reason may be obvious:
- Did you fail to provide us when requested with an up-to-date ID in order to extend your Shaheen account? If so, your account may now be locked.
- Did your login failure message indicate that you were trying to login from an unauthorised IP address? If so, you need to contact us to have that IP address added.
- Is Shaheen under maintenance? If Shaheen is under maintenance, you might still pass the login process but your access will still be blocked until Shaheen is back in production. You should have received downtime notificatio0ns by email. If in doubr, check the recent Newsletter on this website.
Please note that if you entered a password, and then entered your OTP and then your login failed, this does not mean that your password was correct and your OTP was incorrect. Either or both could be incorrect.
You can check the status of your Active Directory account by using selecting Check AD Account from the My KSL menu. Note, however that if your account is locked, you will not be able to use this link because it requires authentication into this website first. However, you can ask a colleague to check for you.
If you are not sure why your login attempt was rejected, please contact us and we will investigate.