Multifactor-Authentication (MFA) describes a procedure which requires the users to confirm their login to a service via a separate application or a separate medium or device. This increases the security of the systems used and can protect users from data misuse.
Multifactor-Authentication at the RWTH
The MFA for the VPN service was introduced on February 1, 2024. This has been mandatory since March 19, 2024.
On July 2, 2024, the MFA for the RWTH Single Sign-On (SSO) was made mandatory throughout the university. Your SSO account gives you access to Shibboleth-protected applications such as RWTHonline, IdM Selfservice, SAP Fiori, GigaMove and many more. With the introduction of MFA, access to these services will be protected with an additional security code that you can generate using the token types you have chosen yourself. From this point onwards, you will no longer be able to log in to SSO-protected applications without a suitable, self-set second factor.
Various token types are currently available for SSO:
You can use the following token types to use the VPN:
Both private and business end devices are permitted for the generation of time-limited one-time passwords (e.g. via Authenticator apps). Authenticator apps for the desktop can therefore also be installed on work PCs. The use of private devices is entirely voluntary and cannot be expected.
In principle, you can always select and use the "TAN list (one-time security codes)" method. However, please note that the TAN list is only intended as a backup in case the other token types do not work or are lost. Therefore, always make sure that you have a TAN list with unused codes available. Be sure to use the last TAN to generate a new TAN list.