Setting up Tokens in the IdM Selfservice
Note
Using the "Token Manager (MFA)" in the IdM Selfservice, you can create and manage tokens for the following accounts:
- RWTH Single Sign-On account
- VPN account
Information on setting up tokens for your HPC account can be found on the RegApp help pages.
Please watch our tutorial on first steps in the Token Manager.
Please note:
- If you have not yet created a token, you must first generate a TAN list (one-time security codes). This serves as a backup in case your other tokens are lost.
- If you do not have any of the other tokens and all ten one-time security codes in the TAN list have been used up, you will no longer be able to access systems that require two factors. In this case, you can contact the IT-ServiceDesk.
After you have created the first TAN list, click "Create" to choose another type of token.
The following types of tokens are available:
- Hardware token for VPN and RWTH Single Sign-On (HOTP)*
- Hardware token for RWTH Single Sign-On (WebAuthn/FIDO)*
- Authenticator App e.g. for Smartphone (TOTP)*
- TAN list (one-time security codes)
*Recommended for use
Each token is assigned a serial number.
Please note: Tokens from the Token Manager in the Selfservice can only be used for certain accounts. You may require additional tokens to use other accounts; please see this list of Protected Services and respective Token Procedures.
Assistance with the selection of the token
- To be able to protect both the RWTH Single Sign-On and VPN accounts simultaneously with just one hardware token, you must set up the "Hardware token for VPN and RWTH Single Sign-On (HOTP)".
- The most secure standard for web services is WebAuthn/FIDO2, which can be set up with the "Hardware token for RWTH Single Sign-On".
- If you do not have a hardware key (e.g. YubiKey), use one of the other tokens.
For more information see: