IT Center Blog

Multifactor Authentication in IdM Selfservice

May 31st, 2023

IT security is a major and important topic at RWTH Aachen University and the IT Center.

As early as 2021, it was reported that introducing multifactor authentication (MFA) would give systems greater protection against unauthorized access.

In order to offer MFA protection to further services, the IdM Selfservice is now equipped with the so-called “MFA Tokenmanager”.

This is integrated as a separate item in the IdM Selfservice so that it can be used by all members of the RWTH Aachen University.

You are welcome to read the previous post about multifactor authentication on our blog.

What Is Multifactor Authentication?

In short, MFA is a method that requires users to prove their identity in more than one way to gain access to an application. Instead of requesting just a username and password as usual, it requires an additional verification factor. This reduces the potential for successful cyberattacks.

In everyday life, this method is already widely used in some areas, such as online banking.

What Is The Benefit of Using It?

Each additional factor in MFA increases the certainty that the person requesting access to a system is also the person authorized to access it.
Very good progress has already been achieved with multifactor authentication. In numerous tests, it has already been possible to protect new applications without any problems.
The token manager offers users the possibility to create tokens, manage them and also delete them.

The options offered are:

  • TAN lists,
  • email,
  • and TOTP (one-time passwords).

You can create your own tokens in the IdM Selfservice. If you need help with the administration, you can find instructions in IT Center Help.

What Needs to Be Considered When Using the Service?

When using the tokens, please make sure that you use them securely. Just like passwords, a token is only as good as its secure use. Therefore, protect your devices from access by third parties.

If you decide to use TAN lists, there are a few points to keep in mind.
A generated TAN list contains ten codes, each of which can only be used once. These codes should be used in sequence, because as soon as one is skipped, all previous, unused codes become invalid.
Therefore, we recommend creating a new list before using the last code. The TAN list is also a good way to reset other tokens if needed.
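
The TAN list rule described above, modeled as an added example (it is not part of the original post and not the IdM Selfservice's own code). The six-digit code format and all names are assumptions.

```python
import hmac
import secrets

LIST_SIZE = 10  # the post states that a generated TAN list holds ten codes


def generate_tan_list(size=LIST_SIZE, digits=6):
    """Create one-time codes. The six-digit format is an assumption."""
    codes = []
    while len(codes) < size:
        code = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        if code not in codes:  # keep the codes on one list distinct
            codes.append(code)
    return codes


class TanList:
    """Hypothetical verifier for an ordered list of one-time codes."""

    def __init__(self, codes):
        self._codes = list(codes)
        self._next = 0  # index of the first code that is still valid

    def remaining(self):
        return len(self._codes) - self._next

    def verify(self, submitted):
        # Check only the still-valid codes, each with a constant-time compare.
        match = None
        for i in range(self._next, len(self._codes)):
            if hmac.compare_digest(self._codes[i].encode(), submitted.encode()):
                match = i
        if match is None:
            return False  # unknown, already used, or invalidated by a skip
        # Accepting code i consumes it and invalidates every earlier code,
        # including codes that were skipped and never used.
        self._next = match + 1
        return True

    def should_regenerate(self):
        # The post recommends creating a new list before using the last code.
        return self.remaining() <= 1


if __name__ == "__main__":
    tans = TanList(generate_tan_list())
    print("codes left on a fresh list:", tans.remaining())
```
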

However, MFA is not automatically mandatory in all services. It is currently not required in any other RWTH public service, except IdM Selfservice. But even in IdM Selfservice, its use is only required for the token manager itself once a token has been created.

With regard to the other services, it is up to the respective departments of the IT Center to decide whether they want to equip their application(s) with MFA protection and set it up.

If more services make use of multifactor authentication in the future, you will find out about it directly in our blog.

Do you still have questions, or is something unclear? Then feel free to leave us a comment below this post or send an email to the IT-ServiceDesk.

Do you want to learn more about IT security? Under the tag IT security you will find all our blog posts on this topic.


Responsible for the content of this article are Sara Erdem and Moritz Haine.
