You are located in service: Multifactor-Authentication (MFA)

Setting up the first token

Setting up the first token

Detailinformation

On this page you will learn how to set up your first token for multi-factor authentication (MFA) in the Token Manager.
This is necessary for the following accounts:

The MFA is set up in the following steps:

  1. Setting up the first token
  2. Setting up further tokens

1. Setting up the first token

Vidoe tutorial on first steps in the Token Manager.

Step 1
First call up the Token Manager.

Step 2
Choose Create.

When you open the Token Manager for the first time, you must first create a TAN list, download it and store it securely locally. The TAN list serves as a backup for resetting lost tokens and is necessary to generate additional tokens.
Make sure to generate a new TAN list before using the last code on your current list.

Please note: 
If you cancel the generation of the TAN list, you will be locked out of the token manager and must visit the IT-ServiceDesk during opening hours with a valid ID document to verify your identity.

Step 3
Choose "TAN list (one-time security codes)" and click "Next".

Step 4
Enter a unique description for the list (e.g. My TAN list) and a password which complies with the RWTH password guidlines (at least 8 characters, at least 1 digit, at least 1 letter).

Please note:
After you have set your password, you cannot view or change it.

Step 5
Click on Create and Download to save the TAN list on your device.

Downloading a TAN list again

Step 6
Please make sure that your list has been saved to your device and can be opened. If you need to restart the download, you can do so by clicking Download Again.

We strongly recommend that you immediately set up an additional type of token.

 

2. Setting up further tokens

After you have created the first TAN list, click Next to choose another type of token.

The following token types are available:

*Recommended for use

Which token to choose?

  • To protect both the RWTH Single Sign-On and VPN accounts simultaneously with just one hardware key, you must set up the "Hardware token for VPN and RWTH Single Sign-On (HOTP)".
  • If you purchase a hardware key yourself and want to use it for RWTH Single Sign-On and VPN at the same time, make sure that it at least supports the OTP protocol. 
  • The most secure standard for web services is WebAuthn/FIDO2, which can be set up with the "Hardware token for RWTH Single Sign-On". 
  • If you do not have a hardware key (e.g. YubiKey), use one of the other tokens.

In case of further problems please contact the IT-ServiceDesk

last changed on 12/20/2024

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License