
Set up YubiKey

On this page you will find instructions on how to set up your YubiKey (security key) as a hardware token in the Token Manager in Selfservice.


The YubiKey is compatible with both types of hardware token: "Hardware token for VPN and RWTH Single Sign-On (HOTP)" and "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)".

Note: Not all security keys are compatible with both types of hardware token. Keys that are compatible with both types include YubiKeys, Nitrokeys (Pro 2 and 3) and selected Feitian keys.

1. How do I get a YubiKey?

2. Connection of the YubiKey with "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)"

3. Connection of the YubiKey with "Hardware token for VPN and RWTH Single Sign-On (HOTP)"

4. In case of authentication problems: Synchronize hardware token for VPN (HOTP)

 

How do I get a YubiKey?

Employees of RWTH Aachen University will receive YubiKeys from their institution if it provides YubiKeys.

 

Connection of the YubiKey with "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)"

Step 1: Navigate to the Token Manager in the Selfservice. If you have already created a token, follow the instructions on the screen after navigating to the token manager to enter your second factor.

Step 2: Insert your YubiKey into the USB slot on your PC.

Step 3: Create the token "Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2)".

Step 4: Give the token a clearly recognizable description in the Description field (e.g. My YubiKey for SSO) and click on "Create".

Step 5: Click on "Register" in the next window.

Step 6: If prompted, choose where to save the security key, follow the instructions on the screen and enter a secure PIN of your choice when prompted.

Step 7: Then tap the YubiKey with your finger to complete the setup.

Step 8: To use the YubiKey for MFA, insert the YubiKey into your device and tap it with your finger when you receive the prompt to enter a one-time security code from the application.

 

Connection of the YubiKey with "Hardware token for VPN and RWTH Single Sign-On (HOTP)"

Preparation: To use the YubiKey to its full extent, you must first install the YubiKey Manager software, as you will need the software from step 5 onwards. Download the program and install it on your PC.

  • You may need to deactivate password storage in the browser extensions for your browser.
  • When using macOS devices, you first need to add YubiKey Manager in your System Preferences under Security & Privacy.

If you have any questions or problems installing the software, please contact your local IT administrator.  

Step 1: Navigate to the token manager in Selfservice.

Note: If you are prompted to enter a second factor, you have already created a token. Use this for authentication. This can be the TAN list (one-time security codes).

Step 2: Insert your YubiKey into the USB slot on your PC.

Step 3: Create the token "Hardware token for VPN and RWTH Single Sign-On (HOTP)".

Step 4: Give the token a clearly recognizable description in the "Description" field (e.g. My YubiKey for VPN) and click on "Create".

Note: Under "Advanced options" you have the option of configuring the length of the security code. This is not necessary. If you change the setting, please ensure that the number of digits in the "Digits" field in the YubiKey Manager software (step 9, digit 2 in the illustration) is the same as under "Advanced options" in the Token Manager.

Step 5: Open the previously installed YubiKey Manager software on your PC.

Step 6: Click on the "Applications" tab and select "OTP".

Step 7: Click on "Configure" for one of the two slots.

Step 8: Select "OATH-HOTP" in the next window.

Step 9: Copy the "Token secret" in Selfservice and paste it into the YubiKey Manager software under "Secret key".

Step 10: Click on "Finish" and on "YES" in the next window.

Step 11: In the Token Manager, click in the "Security code" field and tap your YubiKey with your finger.

The window in the Token Manager will now close automatically. If this is not the case, click on "Complete" in the Token Manager.

To use the YubiKey for MFA, insert the YubiKey into your device and tap it with your finger when you receive the prompt to enter a one-time security code from the application.

 

In case of authentication problems: Synchronize hardware token for VPN (HOTP)

If the security codes of the key no longer work for authentication, you may need to synchronize it with the corresponding token in the token manager.

Proceed as follows:

Step 1: Click on "Synchronize" on the overview page in the Token Manager. You will find the button directly next to your token.

Step 2: Click with the mouse in "Field 1" and tap on your YubiKey.

Step 3: Click with the mouse in "Field 2" and tap on your YubiKey.

Step 4: The token now synchronizes automatically and the window closes. If this is not the case, click on "Synchronize token" in the token manager.
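
Why a key can fall out of step and why two consecutive codes fix it, shown as an added example (not part of the original instructions and not the Token Manager's code): HOTP (RFC 4226) derives each code from the shared secret and a counter that advances on every tap of the key, and the sketch also shows the effect of a mismatched "Digits" setting. The HotpServer class, its window sizes and the scenario are assumptions; the secret is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class HotpServer:
    """Hypothetical server-side token record; window sizes are assumptions."""

    def __init__(self, secret: bytes, digits: int = 6, look_ahead: int = 3, sync_window: int = 50):
        self.secret, self.digits = secret, digits
        self.look_ahead, self.sync_window = look_ahead, sync_window
        self.counter = 0  # next counter value the server expects

    def _match(self, counter: int, code: str) -> bool:
        return hmac.compare_digest(hotp(self.secret, counter, self.digits), code)

    def verify(self, code: str) -> bool:
        """Login: accept only codes within the small look-ahead window."""
        for c in range(self.counter, self.counter + self.look_ahead):
            if self._match(c, code):
                self.counter = c + 1  # move past the used code so it cannot be replayed
                return True
        return False

    def synchronize(self, field1: str, field2: str) -> bool:
        """Resync: search a wider window for two consecutive codes."""
        for c in range(self.counter, self.counter + self.sync_window):
            if self._match(c, field1) and self._match(c + 1, field2):
                self.counter = c + 2
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real token secret
    server, key_counter = HotpServer(secret), 5  # constructed: key tapped 5 times outside a login
    rejected = not server.verify(hotp(secret, key_counter))  # counter 5 is outside window 0..2
    synced = server.synchronize(hotp(secret, key_counter + 1), hotp(secret, key_counter + 2))
    accepted = server.verify(hotp(secret, key_counter + 3))
    wrong_digits = server.verify(hotp(secret, key_counter + 4, digits=8))  # key set to 8, server to 6
    return {"rejected": rejected, "synced": synced, "accepted": accepted, "wrong_digits": wrong_digits}
```

Requiring two consecutive codes lets the server search a much wider counter range during synchronization than during login without making a single guessed code enough to move the counter.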

If you have problems creating or using your tokens, or if you lose a token, please contact the IT-ServiceDesk.



last changed on 03/28/2024

This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License