to Homepage
You are located in service Multifactor-Authentication (MFA)
General information
IT Center Help

You are located in service: Multifactor-Authentication (MFA)

Setting up the first token
Print page

Setting up the first token

Detailinformation

On this page you will learn how to set up your first token for multi-factor authentication (MFA) in the IdM Selfservice.
This is necessary for the following accounts:

The MFA is set up in the following steps:

  1. Setting up the first token
  2. Setting up further tokens
  3. Assistance with the selection of the hardware token

1. Setting up the first token

Vidoe tutorial on first steps in the Token Manager.

First call up the Token Manager.

When you open the Token Manager for the first time, you must first create a TAN list, download it and store it securely locally. The TAN list serves as a backup for resetting lost tokens and is necessary to generate additional tokens.

Please note: 
If you cancel the generation of the TAN list, you will be locked out of the token manager and must visit the IT-ServiceDesk during opening hours with a valid ID document to verify your identity.

I. Choose "Create".

II. Choose "TAN list (one-time security codes)" and click "Next".

III. Enter a unique description for the list (e.g. My TAN list) and a password which complies with the RWTH password guidlines (at least 8 characters, at least 1 digit, at least 1 letter).

Please note:
After you have set your password, you cannot view or change it

Click on "Create and Download" to save the TAN list on your device.

Make sure to generate a new TAN list before using the last code on your current list.

2. Setting up further tokens

After you have created the first TAN list, click "Create" to choose another type of token.

The following types of tokens are available:

*Recommended for use

3. Assistance with the selection of the hardware token

  • To protect both the RWTH Single Sign-On and VPN accounts simultaneously with just one hardware key, you must set up the "Hardware token for VPN and RWTH Single Sign-On (HOTP)".
  • If you purchase a hardware key (e.g. YubiKey) yourself and want to use it for RWTH Single Sign-On and VPN at the same time, make sure that it at least supports the OTP protocol. 
  • The most secure standard for web services is WebAuthn/FIDO2, which can be set up with the "Hardware token for RWTH Single Sign-On". 
  • If you do not have a hardware key (e.g. YubiKey), use one of the other tokens.

 Zusatzinformation

In case of further problems please contact the IT-ServiceDesk

last changed on 06/25/2024

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License
Chat
-