Setting up the first token (TAN list)
On this page you will learn how to set up your first token for multi-factor authentication (MFA) in the Token Manager.
This is necessary for the following accounts:
The MFA is set up in the following steps:
1. Create a TAN list
Video tutorial on first steps in the Token Manager.
Step 1
First call up the Token Manager.
Step 2
Choose Create.
Please note:
- When you open the Token Manager for the first time, you must first create a TAN list, download it and store it securely locally. The TAN list serves as a backup for resetting lost tokens and is necessary to generate additional tokens.
- Make sure to generate a new TAN list before using the last code on your current list.
- If you close the window or stop the process before downloading the TAN list, you will be locked out of the Token Manager and must visit the IT-ServiceDesk during opening hours with a valid ID document to verify your identity.
Step 3
Choose TAN list (one-time security codes) and click Next.
Step 4
Enter a unique description for the list (e.g. My TAN list) and a password which complies with the RWTH password guidelines (at least 8 characters, at least 1 digit, at least 1 letter).
Please note:
After you have set your password, you cannot view or change it.
Step 5
Click on Create and Download to save the TAN list on your device.
Step 6
Please make sure that your list has been saved to your device and can be opened. If you need to restart the download, you can do so by clicking Download Again.
We strongly recommend that you immediately set up an additional type of token.
2. Set up further tokens
After you have created the first TAN list, click Next to choose another type of token.
The following token types are available:
- Hardware token for VPN and RWTH Single Sign-On (HOTP)*
- Hardware token for RWTH Single Sign-On (WebAuthn/FIDO)*
- Authenticator App e.g. for Smartphone (TOTP)*
- Biometric Data (WebAuthn/FIDO2)
- TAN list
- E-Mail codes
*Recommended for use
Which token should I choose?
- To protect both the RWTH Single Sign-On and VPN accounts simultaneously with just one hardware key, you must set up the "Hardware token for VPN and RWTH Single Sign-On (HOTP)" or the Authenticator App.
- If you purchase a hardware key yourself and want to use it for RWTH Single Sign-On and VPN at the same time, make sure that it at least supports the OTP protocol.
- The most secure standard for web services is WebAuthn/FIDO2, which can be set up with the "Hardware token for RWTH Single Sign-On".
- If you do not have a hardware key (e.g. YubiKey), use one of the other tokens.
Please contact the IT-ServiceDesk if you experience any further problems.