You are located in service:General Information on MFA
General Information on MFA
Please note:
Multifactor-Authentication (MFA) describes a procedure which requires the users to confirm their login to a service via a separate application or a separate medium or device. This increases the security of the systems used and can protect users from data misuse.
The MFA at RWTH uses so-called tokens. The tokens are created in the Token Manager in the IdM Selfservice.
To log in to an MFA-protected service, proceed as follows:
- Log in to the service with your login details;
- Enter a one-time security code that you have generated using the token.
When do I need MFA?
You must enter a one-time security code when establishing a connection via RWTH VPN. All services that authenticate and authorize via RWTH Single Sign-On also require a one-time security code.
You only need to enter the second factor once, just like the password. A session is created. During the validity of this session, you will not be asked for your user name, password and one-time security code again.
Please note: If you have logged in with a mobile device, your session may become invalid when you change the radio cell due to the IP change.
As long as you have not yet configured a second factor, you can only log in for the configuration of the second factor in the Token Manager in IdM Selfservice.
How do I set up MFA?
MFA is set up in two steps:
- Creation of a Tan list (one-time security code)
- Creation of one or more additional tokens.
If you lose access to your second token, you can use a code from the TAN list as a backup to log in to a protected service or to access the token manager to create a different token.
You can create and use the following token types:
- RWTH Single Sign-On
- VPN:
More information