Main Content

Two-factor authentication

The two-factor authentication service (2FA service) of Philipps-Universität Marburg is used for modern, centralised and secure authentication for the applications provided by the university and thus effectively increases the security of the IT infrastructure provided and the data stored therein.

• Where to activate the token received by post? Continue to the 2FA portal
• First semester and no token yet? Continue to the 2FA portal
• Registered for exams in Marvin and don't have a token? Go to the application
• Employed at the university and no token yet? Continue to the application
• Report a lost token? Go to the application
• Create and manage TAN or app tokens yourself? Continue to the 2FA portal

Users are authenticated at 2FA-enabled applications by means of a user name and user password (first factor, "something you know") as well as a token assigned to the user and issued to the user (second factor, "something you have", e.g. TAN token, app token, YubiKey token). By checking the second factor, the risks of current attack scenarios such as man-in-the-middle, phishing and brute force attacks can be significantly reduced.

In many connected applications (LDAP online directory, 2FA portal, live support, live chat, GitLab, etc.), two-factor authentication takes place at login. The user name of the university account (e.g. "muellerx" or "Muellerx") is entered as the user name. The personal user password directly followed by a valid one-time password is entered as the password.</p

In Marvin, on the other hand, the login is as before only with the user name of the university account (e.g. "muellerx" or "Muellerx") and personal user password. The second factor is only requested for examination matters (e.g. registration, deregistration) by entering a valid one-time password (e.g. TAN token, app token) separately.

Target group

Employees, students, guests

Prerequisites

• Central user account (Uni-Account)
• A functional token (TAN token, app token, YubiKey token).
  Employees receive their token (YubiKey) automatically after reporting the data from the HR department
  Students create their first token analogue to the account activation issue of the initial token (students)
  Guests, partners and service providers receive their token via the application for the issue of a token for two-factor authentication

Status

The following university-internal services are currently connected to the central 2FA service:

• Benutzungsantrag für Mitarbeitende (staff)
• Digitale Zertifikate (students/staff)
• GitLab (students/staff)
• LDAP online directory (students/staff/hrz)
• Live-Support (students/staff)
• Live-Chat (students/staff)
• Marvin Campus Management System (students/staff)
• SSH Login-Server (students/staff)
• VPN (students/staff)

The connection of further services is being planned.

Forms

• Request to issue a token for two-factor authentication
• Message on the current status of a token

Instructions

• App-Token
• TAN token
• YubiKey-Token

• Inhalt ausklappen Inhalt einklappen Support and help

  If you have problems with authentication, please contact the FAQ on two-factor authentication or to the IT Service Desk (Lahnberge), also available by email at 2fa@hrz.uni-marburg.de. Please state your account and the topic of your enquiry.

• Inhalt ausklappen Inhalt einklappen Related services

  • Zentrales Benutzerkonto (Uni-Account)
  • Shibboleth (Web-Login)

• Inhalt ausklappen Inhalt einklappen What you need to know

  What is authentication? What is authentication

  Authentication is the assertion of properties by an entity for subsequent authentication. Authentication is the verification of the properties claimed by an entity to ensure the authenticity of the entity. This conceptual distinction does not exist in English-speaking countries. Authentication can therefore mean both, depending on the context.

  Software and system design

  The two-factor authentication service at Philipps-Universität Marburg is based on the open source software PrivacyIDEA. PrivacyIDEA offers a wide range of functions, can be flexibly expanded and enables seamless integration into the existing and constantly evolving IT infrastructure of the data centre. To guarantee high performance, high availability and optimum maintainability, PrivacyIDEA runs redundantly and horizontally scalable in the data centre in cluster operation with several PrivacyIDEA workers.

  HRZ-internal services with two-factor authentication

  • GitLab portal for source code management and continuous integration (staff)
  • Graylog portal for log management (staff)
  • Kibana portal for data visualisation (staff)
  • VPN via VPN group vpngroup-hvpn (hrz)