MFA for logging in to the Terminal Server Infrastructure
Logging on to the terminal server infrastructure of ADAM requires a second factor. In addition to a hardware token, a time-based one-time password (TOTP) can be used for this purpose. You can set up the TOTP method yourself with an authentication app.
Self-registration of the TOTP Method
The first step is to establish a connection between the MFA appliance and the authentication app. To do this, log in to the self-service of the MFA appliance at the following link:
https://mfa.adam.rwth-aachen.de
- Username: ADAM\SAMAccountName
- Password: ADAM-ADMIN-PASSWORD
If necessary, please change the password for your ADAM admin account in the Web-Frontend Adm.
After logging in, you can see which authentication methods are already configured and which can still be added. To set up TOTP, select the TOTP method.
On the TOTP method page, a QR code is displayed at the bottom of the page. Scan it with an authenticator app; this completes the configuration.
Generally, different authenticator apps can be used.
Our recommendation is to use a separate device if possible (e.g. work cell phone).
If there is no possibility to use a second device for authentication, you can alternatively install the 2fast program on your client system (see the next section).
Installation and Configuration of 2fast
If no separate device can be used, it is possible to install 2fast for Windows directly via the Microsoft Store:
https://apps.microsoft.com/detail/2fast---two-factorauthenticator/9P9D81GLH89Q?hl=en-us&gl=US
Installation:
- In the 2fast program, a new database file must be created first. For this password-secured file, a name, path and password must be defined.
- Once the creation of the database file has been completed, the next step is to add an account.
- Add the account using the "Select key QR code" function, then select the QR code shown in the appliance's self-service.
- The secret key is automatically filled in and a label and account name can also be assigned.
- Confirm with "Create account".
After the account has been created successfully, the TOTP method can be used when logging in to the terminal server infrastructure. The one-time code is updated every 30 seconds.