Please note

If you have not set up any second factor yet, please go to the Token Manager to set up a token.

Multifactor-Authentication (MFA) describes a procedure which requires the users to confirm their login to a service via a separate application or a separate medium or device. This increases the security of the systems used and can protect users from data misuse.

The MFA at RWTH uses so-called tokens. The tokens are created in the Token Manager in the IdM Selfservice.

To log in to an MFA-protected service, proceed as follows:

• Log in to the service with your login details;
• Enter a one-time security code that you have generated using the token.
• For more detailed guidance, please refer to the RWTH Single Sign-On with MFA guide.

When do I need MFA?

You must enter a one-time security code when establishing a connection via RWTH VPN. All services that authenticate and authorize via RWTH Single Sign-On also require a one-time security code.

As long as you have not yet configured a second factor, you can only log in for the configuration of the second factor in the Token Manager in IdM Selfservice.

How do I set up MFA?

MFA is set up in two steps:

1. Creation of a Tan list (one-time security code)
2. Creation of one or more additional tokens.

If you lose access to your second token, you can use a code from the TAN list as a backup to log in to a protected service or to access the token manager to create a different token.

You can create and use the following token types:

• RWTH Single Sign-On
  • Authenticator App (TOTP)
  • Hardware Token (HOTP)
  • Hardware Token (WebAuthn/FIDo2)
  • Biometric Data (WebAuthn/FIDo2)
  • E-mail codes
• VPN
  • Authenticator App (TOTP)
  • Hardware Token (HOTP)