You are located in service: Identity Management

Guideline Accounts and Roles for new Employees

Guideline Accounts and Roles for new Employees


This page contains a guide intended for IT administrators and personnel staff that are in the process of setting up accounts and roles for new employees. The recommendations are limited to the scope of IT services provided by the IT Center.

It is recommended to follow the steps described below in order.



1. Coupon Redemption

 (By the employee using IdM ConnectMe)

After a new employee has signed a contract of employment, the personnel department sends out an e-mail with a ConnectMe-coupon. This applies for employees that have a contract of employment with the personnel department of the RWTH Aachen (departments 8.1 and 8.2).

If a person already has a username, the status "RWTH employee" will be added to the existing one (e.g. student employees who are studying at the RWTH or Alumni). People without a username can instead use their ConnectMe-coupon to initially register in the Identity Management of RWTH Aachen University.

During redemption of the coupon, a username (format: ab123456) is generated.


The ConnectMe coupon can be redeemed no earlier than 6 weeks before the start of employment. After receipt of the coupon it takes 24 hours until it can be redeemed.

If the ConnectMe-coupon has been lost, new employees have to contact the personnel department.


2. Setting up an Official Email Address

(In MailAdm by the email administrator of the respective organization with the role "Administration MailAdm")

Official email addresses can be created in Mailadm by the email admins of the institutes and other organisations at RWTH Aachen University. As soon as the username (format: ab123456) is active, the institution IT administrators can set up a corporate e-mail account in the .

Personal e-mail addresses in the form are optional for the employees. They can be requested in the IT-ServiceDesk of the IT Center.


We recommend that the official email address is only set up after the ConnectMe registration has been fully completed, including the 24-hour synchronisation period. A username (format: ab123456) must already have been generated in order for the email account to be linked with it. Otherwise, there is a high chance of duplicate identities being generated, which causes problems for everyone involved (e.g. different accounts with different usernames).


3. Registering the Phone System

(In the TK-Portal by an existing employee and the new employee)

The registration of new employees for the Cisco phone system is initiated by an existing employee in the TK-Portal with the telephone request "Apply for registration". The new employee must then complete the registration themselves once they have received the link for the registration form by email. There is a guide for filling out the registration form.


We recommend registering for the phone system before an employee is added to the RWTH Person Directory. This way, they can be added to the directory with their phone number.


4. RWTHcontacts and Connection to the Identity Management

(In the RWTH Person Directory by someone with the role Administration Organisation)

New employees must be added to the organisation that they will be working for in the RWTH Person Directory by someone with the role role "Verwaltung Organisation". While adding employees, information such as contact information should be added for the employees. Only once this has happened, will they become visible in RWTHcontacts.

The entry is required to be able to assign roles (e.g. convetional purchaser) to employees. This is to ensure that people authorized for roles have an official email address available.



All employees can check their connection in the Selfservice in User Data > RWTH data > RWTHcontacts Entries.

The connection is necessary for accepting most roles.

It may take up to 24 hours before the link is synchronized with the Identity Management and the role coupons can be redeemed.


5. Assigning roles

After an entry has been made in the RWTH Person Directory and an official email address has been registered, the role manager (inter-institutional) can assign local roles to new employees:

Assigning of local roles by the role manager


6. RWTHonline

New employees are transferred to RWTHonline after a successful registration via ConnectMe. It will take between 24 and 48 hours before the login in RWTHonline becomes be possible due to the account still needing to be created.

RWTHonline functions are assigned by the function managers. You will find further information in the RWTHonline documentation portal (ONLY accessible from the RWTH network).


7. VPN (Virtual Private Network)

Employees automatically receive a VPN account. This offers secure, encrypted access to the RWTH network. Some services and documentation can only be reached from the RWTH network. Analogously to the personal email account, an initial password must be set for the VPN account using the account list in the IdM Selfservice.

Once the password has been generated, at least one token for multifactor-authentication must be created in the token manager.
Protected Services and respective Token Procedures explains which token types are available for the individual services and provides links to the corresponding configuration instructions.

VPN access is only supported via the Cisco AnyConnect Client. Installation links and configuration manuals, as well as further information about the VPN, can be found in our VPN documentation.


8. Eduroam (WiFi)

Employees can connect to the "eduroam" networks of RWTH Aachen University and other universities. To use the network, you must first generate login information for your devices using the eduroam device manager. The login to the device manager uses the RWTH Single Sign-On.

Please note that both a new username and password are generated by the device manager. Further information and configuration manuals can be found in our eduroam documentation.

last changed on 03/12/2024

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License