Please note:

If you have not set up any second factor yet, please go to the Token Manager to set up a token.

Multifactor-Authentication (MFA) describes a procedure which requires the users to confirm their login to a service via a separate application or a separate medium or device. This increases the security of the systems used and can protect users from data misuse.

The MFA at RWTH uses so-called tokens. The tokens are created in the Token Manager in the IdM Selfservice.

To log in to an MFA-protected service, proceed as follows:

• Log in to the service with your login details;
• Enter a one-time security code that you have generated using the token.

When does one need to use MFA?

You must enter a one-time security code when establishing a connection via RWTH VPN. All services that authenticate and authorize via RWTH Single Sign-On also require a one-time security code.

You only need to enter the second factor once, just like the password. A session is created. During the validity of this session, you will not be asked for your user name, password and one-time security code again.

Please note: If you have logged in with a mobile device, your session may become invalid when you change the radio cell due to the IP change.

As long as you have not yet configured a second factor, you can only log in for the configuration of the second factor in the Token Manager in IdM Selfservice.

How can one set up the MFA?

The MFA is set up in two steps:

1. Creation of a Tan list (one-time security code)
2. Creation of one or more additional tokens.

If you lose access to your second token, you can use a code from the TAN list as a backup to log in to a protected service or to access the token manager to create a different token.

You can create and use the following token types:

• RWTH Single Sign-On
  • Authenticator App (TOTP)
  • Hardware Token (HOTP)
  • Hardware Token (WebAuthn.FIDo2)
  • E-mail codes
• VPN: 
  • Authenticator App (TOTP)
  • Hardware Token (HOTP)