Setting up MFA for VPN (Authenticator App)

Note

It is not possible to use the e-mail token for authentication in the VPN.

On this page you will learn how to set up a second factor for multi-factor authentication using an authenticator app and how to use it to log in to the VPN:

Please watch our tutorial on setting up a token for VPN.

Alternatively, you can use the following tokens for multi-factor authentication in the VPN:

Setting up a valid token

To set up a valid token via the token manager in IdM Selfservice, proceed as follows:

Step 1
Sign in to the IdM Selfservice.

Step 2
Choose Authenticator app e.g. for smartphone (TOTP) in the Token Manager in IdM Selfservice.

Optional: Add a description (e.g. the name of your app) and select a security code length and hash algorithm under Advanced Options.

Step 3
Click on Create.

The TOTP token's configuration screen, which allows you to set a custom name and configure advanced options.

Step 4
Add a new service or a new account in your Authenticator App and scan the QR code with your device or enter the TOTP Key into the app.

Step 5
Enter a one-time password (OTP) shown in the app into the field Verify TOTP and click Finish to complete the procedure.

The app token's QR code, with the token confirmation field below it. Below the input field are the Complete and Cancel buttons.

Example: Setting up tokens in the 2FAS app

The steps in the app are as follows (the free 2FAS app is used here as an example of a TOTP app):

Step 1
Open the app and click on pair new device.

Step 2
Scan the QR-code from the Token Manager with the app.

Step 3
Enter the one-time-password (OTP) from the app into the field in your browser and click Finish.

Overview of the steps in the 2FAS app for setting up a token using a QR code.

You can now use the app as an Authenticator App e.g. for Smartphone (TOTP). A new one-time password (OTP) is generated every 30 seconds.

Important: Ensure that no unauthorized third parties are able to access the app.

 

Connecting to the VPN

To connect to an RWTH VPN, proceed as follows:

Step 1
Start AnyConnect and enter your VPN server (e.g. vpn.rwth-aachen.de). Establish the connection by selecting Connect.

Step 2
Choose the group RWTH-VPN (Full Tunnel) or RWTH-VPN (Split Tunnel) and enter your username in the format ab123456. Enter your VPN password as the password. The VPN password can be changed in the IdM Selfservice. Select OK to continue.

Login window of the Cisco AnyConnect VPN Client.

Step 3
Please enter a one-time password. If you have not set up a token yet, you can use a current date until March 19th.

One-time password entry window.

The connection should now have been established successfully. You can stop your connection at any time by selecting "Disconnect".

last changed on 05/27/2026

Creative Commons License Agreement
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License