Setting up a Security Key

On this page you will find instructions on how to set up a security key as a hardware token in the token manager in self-service (using a YubiKey as an example).

The YubiKey is compatible with both token types: "Hardware token for VPN and RWTH Single Sign-On (HOTP)" and "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)".
Other security keys that are compatible with both types include Nitrokeys (Pro 2 and 3) and selected Feitian keys.

1. How do I get a YubiKey?
2. Connecting the YubiKey with "Hardware Token for RWTH Single Sign-On (WebAuthn/FIDO2)"
3. Connecting the YubiKey with "Hardware Token for VPN and RWTH Single Sign-On (HOTP)"
4. In case of authentication problems: Synchronize hardware token for VPN (HOTP)

1. How do I get a YubiKey?

Employees of RWTH Aachen University will receive YubiKeys from their institution if it provides YubiKeys.

2. Connecting the YubiKey with "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)"

1. Navigate to the Token Manager in the Selfservice. If you have already created a token, follow the instructions on the screen after navigating to the token manager to enter your second factor.

2. Insert your YubiKey into the USB slot on your PC.

3. Create the token "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)".

4. Give the token a clearly recognizable description in the Description field (e.g. My YubiKey for SSO) and click on "Create".

5. Click on "Register" in the next window.

6. If prompted, choose where to save the security key, then follow the instructions on the screen and enter a secure PIN of your choice when asked.

7. Then tap the YubiKey with your finger to complete the setup.

8. To use the YubiKey for MFA, insert the YubiKey into your device and tap it with your finger when you receive the prompt to enter a one-time security code from the application.

3. Connecting the YubiKey with "Hardware token for VPN and RWTH Single Sign-On (HOTP)"

Preparation:

  • To use the YubiKey to its full extent, you must first install the YubiKey Manager software, as you will need the software from step 5 onwards. Download the program and install it on your PC.
  • You may need to deactivate password storage in the browser extensions for your browser.
  • On macOS devices, you first need to add YubiKey Manager in your System Preferences under Security & Privacy.

If you have any questions or problems installing the software, please contact your local IT administrator.  

1. Navigate to the Token Manager in the Selfservice.

2. Insert your YubiKey into the USB slot on your PC.

3. Create the token "Hardware token for VPN and RWTH Single Sign-On (HOTP)".

4. Give the token a clearly recognizable description in the "Description" field (e.g. My YubiKey for VPN) and click on "Create".

Note:
Under "Advanced options" you have the option of configuring the length of the security code. This is not necessary. If you change the setting, make sure that the number of digits in the "Digits" field in the YubiKey Manager software (step 9, item 2 in the illustration) matches the value under "Advanced options" in the Token Manager.

5. Open the previously installed YubiKey Manager software on your PC.

6. Click on the "Applications" tab and select "OTP".

7. Click on "Configure" for one of the two slots.

8. Select "OATH-HOTP" in the next window.

9. Copy the "Token secret" in Selfservice and paste it into the YubiKey Manager software under "Secret key".

10. Click on "Finish" and on "YES" in the next window.

11. In the Token Manager, click in the "Security code" field and tap your YubiKey with your finger.

The window in the Token Manager will now close automatically. If this is not the case, click on "Complete" in the Token Manager.

To use the YubiKey for MFA, insert the YubiKey into your device and tap it with your finger when you receive the prompt to enter a one-time security code from the application.

4. In case of authentication problems: Synchronize hardware token for VPN (HOTP)

If the security codes of the key no longer work for authentication, you may need to synchronize it with the corresponding token in the token manager.

Proceed as follows:

1. Click on "Synchronize" on the overview page in the Token Manager. You will find the button directly next to your token.

2. Click with the mouse in "Field 1" and tap on your YubiKey.

3. Click with the mouse in "Field 2" and tap on your YubiKey.

4. The token now synchronizes automatically and the window closes. If this is not the case, click on "Synchronize token" in the token manager.
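
Why synchronization asks for two codes, shown as an added example (not RWTH's or the Token Manager's own code): it implements HOTP and the two-code resynchronization described in RFC 4226. The window sizes are assumptions, and the secret is the RFC 4226 test secret, not a real token secret.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, server_counter, code, window=3, digits=6):
    """Normal login: accept a code at most `window` counters ahead (assumed size).
    Returns the next server counter, or None if the code is rejected."""
    for c in range(server_counter, server_counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c + 1
    return None

def resync(secret, server_counter, code1, code2, window=100, digits=6):
    """Synchronization: search a much wider window (assumed size), but demand
    two consecutive codes so one guessed value cannot move the counter."""
    for c in range(server_counter, server_counter + window + 1):
        if (hmac.compare_digest(hotp(secret, c, digits), code1)
                and hmac.compare_digest(hotp(secret, c + 1, digits), code2)):
            return c + 2
    return None

SECRET = b"12345678901234567890"  # constructed sample: RFC 4226 test secret

def demo():
    """Key was tapped 7 times without logging in, so its counter ran ahead."""
    server_counter, key_counter = 0, 7
    field1 = hotp(SECRET, key_counter)       # first tap  ("Field 1")
    field2 = hotp(SECRET, key_counter + 1)   # second tap ("Field 2")
    rejected = verify(SECRET, server_counter, field1)
    new_counter = resync(SECRET, server_counter, field1, field2)
    return rejected, new_counter

if __name__ == "__main__":
    print(demo())
```

Each tap advances the counter on the key, whether or not the code is submitted, which is how the key drifts outside the normal login window. The `digits` parameter corresponds to the code length that must match on both sides.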


  Additional information

If you have problems creating or using your tokens, or if you lose a token, please contact the IT-ServiceDesk.

last changed on 07/30/2024

Creative Commons License Agreement
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License