Please note:

If you have not set up any second factor yet, please go to the Token Manager to set up a token.

Multifactor-Authentication (MFA) describes a procedure which requires the users to confirm their login to a service via a separate application or a separate medium or device. This increases the security of the systems used and can protect users from data misuse.

The MFA at RWTH uses so-called tokens. The tokens are created in the Token Manager in the IdM Selfservice.

To log in to an MFA-protected service, proceed as follows:

• Log in to the service with your login details;
• Enter a one-time security code that you have generated using the token.

When does one need to use MFA?

The following RWTH services are MFA-protected and require you to enter your login credentials and a one-time security code:

• RWTH Single Sign-On
• VPN

How can one set up the MFA?

The MFA is set up in two steps:

1. Creation of a Tan list (one-time security code)
2. Creation of one or more additional tokens.

If you lose access to your second token, you can use a code from the TAN list as a backup to log in to a protected service or to access the token manager to create a different token.

You can create and use the following token types:

• RWTH Single Sign-On
  • Authenticator App (TOTP)
  • Hardware Token (HOTP)
  • Hardware Token (WebAuthn.FIDo2)
  • E-mail codes
• VPN: 
  • Authenticator App (TOTP)
  • Hardware Token (HOTP)