FAQ - Identity Management

Your RWTH Single Sign-On login credentials consist of your username (format: ab123456) and your password.

You received them when you registered your account via a coupon.

If you forgot your login credentials, you can use the IdM-PasswordReset.

Guide: IdM-PasswordReset step-by-step

To login, you need the following:

• your username (Format ab123456),
• your password for your RWTH Single Sign-On Account,
• Tokens for multifactor authentication (MFA).

If you forgot your login credentials, you can use the IdM-PasswordReset.

Guides:

• IdM-PasswordReset step-by-step
• Login with RWTH Single Sign-On Account and MFA

If you forgot your username or your password for RWTH Single Sign-On, you can use IdM PasswordReset.

A step-by-step guide is available on the page Using IdM PasswordReset Feature.

If you do not have access to your contact email address and therefore cannot use the IdM PasswordReset, there are four more ways to obtain your login credentials:

• Pick up credentials in person at the IT-ServiceDesk
• Pick up credentials via power of attorney
• Get new credentials by mail
• Get new credentials via in-house mail (RWTH employees only)

You will receive your login credentials for RWTH Single Sign-On via the ConnectMe procedure.

Your coupons will come from different issuers depending on which group you belong to. For example, students receive their coupons from the Registrar's Office. RWTH employees receive theirs from the Human Resources Department.

When you log in to a platform with RWTH Single Sign-On (Shibboleth),your web browser saves encrypted, platform-specific information about you (Cookies). This allows you to be automatically logged in to other platforms that use RWTH Single Sign-On. For example, logging in to RWTHonline will automatically log you in to RWTHmoodle.

To log out of your account, configure your web browser to delete the saved information when you close your browser.

Information on deleting cookies for common web browsers can be found on the following websites:

• Chrome
• Firefox
• Edge
• Safari (MacBook)
• Safari (IPhone)

If you do not want to clear all cookies and cache, make sure you delete those from Shibboleth (sso.rwth-aachen.de and idm.rwth-aachen.de).

When logging into your RWTH Single Sign-On account on a public or shared computer, use a secure browsing mode (e.g., private or incognito mode). These modes are configured so that all cache and cookies are cleared when you close the browser window. This ensures that the next user of the computer will not be able to access your account.

The error message "opensaml:FatalProfileException" can have multiple causes:

1. You have not yet set up a token for multi-factor authentication (MFA).  Please follow our step-by-step guide to MFA.
2. You are using a Chromium browser, such as Microsoft Edge, Google Chrome, or Opera. Please try an alternative browser, such as Mozilla Firefox.
3. Your IP address changed while you were logged in. Close all open browser tabs and log in again.
4. Cookies are preventing you from logging in. Clear your browser's cookies and cache and log in again.

Information on deleting cookies for common web browsers can be found on the following websites:

• Chrome
• Firefox
• Edge
• Safari (MacBook)
• Safari (IPhone)

If none of the above measures fixes the problem, please contact the IT-ServiceDesk. Be sure to provide a screenshot of the error message, a description of the website you were trying to access, and your RWTH username (Format ab123456).

This error message appears when you click on the Back button in your browser while logging in.

To resolve the issue, close the browser and/or clear the cache and delete the cookies for sso.rwth-aachen.de.

Information on deleting cookies for common web browsers can be found on the following websites:

• Chrome
• Firefox
• Edge
• Safari (MacBook)
• Safari (IPhone)

If you have two or more usernames and have problems using an IT-based service, please try to access it with all known usernames.

You might have different permissions (e.g. student or employee status) on different accounts. You can check it in the IdM-Selfservice.

If you still have problems using the service, please contact the IT-ServiceDesk.

If there are no problems with the usage of the specific services, the usernames cannot unfortunately be merged. 

There may be various reasons why your RWTH Single Sign-On session is terminated and you have to log in again and use MFA:

• The RWTH Single Sign-On session has expired: After 14 hours, your RWTH Single Sign-On session will be automatically terminated and you will have to log in again.
• The browser has been closed: Closing the browser completely usually results in the RWTH Single Sign-On session also being terminated.
• Cookies: Deleting cookies may also result in you having to log in again. Furthermore, the RWTH Single Sign-On requires cookies for the login process to work.
• iCloud Private Relay: The use of iCloud Private Relay can lead to problems with RWTH Single Sign-On under certain circumstances. You can find out how to deactivate iCloud Private Relay for a network or for individual pages in the official Apple documentation.
• IP change: A change of an IP address, caused for example by the use of a VPN software or the use of a mobile network, can also lead to an interruption of the session.

Please check your settings and the stability of your internet connection. If problems persist, please contact the IT-ServiceDesk.

Many online services offer an "institutional login" or a "Shibboleth login." You can log in to these services using the account of the institution to which you are affiliated.

If RWTH Aachen University is listed among the institutions, you can log in with your RWTH Single Sign-On account. 

Please note: Access to an online service may require more than an RWTH Single Sign-On account. It may also require a specific status or attribute (e.g., student or employee). If you have any questions, please contact the IT-ServiceDesk.

The exact procedure is described in the manual Link to the test system of RWTH Aachen University.

You can update some of your personal details in the IdM-Selfservice.  Other data must be changed in the system. Who is responsible for editing the data depends on your status (e.g. student or employee).

You can find more information on the page Changing personal information.

Please note:

• Names are entered in the system and displayed in Identity Management as they appear on your ID.
• If you have several first names, you can select a preferred name in the IdM-Selfservice. This name will be used as the display name for your email address, for example.
• However, some systems are not yet technically able to display your preferred name. Other systems must show your full name for legal reasons, for example if they generate official documents that must contain your full name.

Your student coupon will be sent to you in an email with the subject line "Willkommen an der RWTH — Welcome to RWTH Aachen University." You should receive this email within 24 hours of receiving the email confirming your enrollment.

If you did not receive the email:

• Check whether it has been moved to your spam folder.
• Make sure that you have paid the semester fee. To do so, navigate to "Applications" in RWTHonline and click the magnifying glass icon in the Actions column. If a green checkmark appears next to your semester fees, the money has been received.
• If you made the transfer more than seven business days ago and have not yet received a coupon code, please contact the Registrar's Office.

If you have lost your coupon code, contact the department that issued it:

• RWTH employees: Personalabteilung
• Students: IT-ServiceDesk
• Scholarship holders: Scholarship administrator
• Angehörige Organisationseinheit: Role administrator ("Rollenverwaltung") of the organization
• UKA and FB10 employees: UKA-IT
• Other UKA members: see Coupons in UKA Context
• Other groups

Please follow our guide on how to manage roles.

You can find an overview of all the roles assigned to you in the IdM-Selfservice under the menu item Roles and Groups > Roles. 

Roles are automatically revoked in the following cases:

•  If the role expiry date has passed. A reminder email will be sent to you and your role manager two weeks before the expiry date. Your role manager can reassign you the role.
• If you no longer meet the conditions for the role.

For example, many roles require the "PVZ" condition to be met. This means that, to activate and retain the role, you must have a business email address registered in the RWTH Person Directory (PVZ). If there is no email address in the PVZ-entry anymore, the condition is no longer met and the role will be revoked overnight. 

A role manager can also revoke roles manually if necessary.

This error occurs if no work email address has been entered for you in RWTHcontacts.

Contact your organization's administrator and request that an email address be entered.

Then, you can redeem the coupon again, provided that it has not expired.

This error message means that your RWTHcontacts entry is not yet connected to Identity Management (IdM) or has yet to be synchronized with IdM.

In order for this condition to be met, you require an entry in the RWTH Person Directory. The data from this entry will be synchronized with IdM on the following day.

Please contact a person at your organization with the role Verwaltung Organisation.

Many roles require an entry on RWTHcontacts. This condition must be fulfiled by you as a role holder. It ensures that you will be assigned an official contact (address, e-mail, phone number) which is necessary for the assumption of roles.

This contact does not necessarily have to be the contact in the organizational unit for which you are assuming the specific role. E.g. you should, if you are assuming a role for multiple organizations, assign your primary contact.

Open your image in GIMP and export it as a jpg file. Then try the upload again.

Should there still be problems, you can change the color profile with GIMP:

1. Open the image in GIMP.
2. Open the Image menu.
3. Select Mode.
4. Select RGB. 
5. Click on Convert.
6. Export the image as a jpg file.

The photo upload should now work.

The European Student Identifier (ESI) is a digital identifier for international student exchanges.

If you need your ESI:

1. Log in to the IdM-Selfservice.
2. Click Accounts and Passwords > Account Overview.
3. Click the pencil symbol (Edit Account) in the Action column next to RWTH Single Sign-On.
4. Use CTRL+F to search for "esi". You will find your ESI in the field labeled SchacPersonalUniqueCode.

Every now and then, you will receive automated emails from the IdM system. For example, you will receive an email when you change your address in IdM Selfservice, when your name is changed in a source system, or when passwords are changed.

These emails will always be sent from no-reply@itc.rwth-aachen.de and will have [RWTH-IdM] in the subject line. The messages are addressed to you personally by your preferred name and surname.

All of our emails are signed with an official, valid certificate issued for the aforementioned sender. To avoid phishing, you can verify the authenticity of the messages by checking these attributes.

If you are unsure whether an email is authentic, do not click any links in the email. Forward it as attachment to the IT-ServiceDesk.