Email
Main Content

Two-Factor Authentication

The two-factor authentication service (2FA service) of the Philipps-University Marburg is used for up-to-date, centralized and secure authentication for the provided applications of the university and thus for an effective increase in security for the provided IT infrastructure and the data stored therein.

Users are authenticated at 2FA-enabled applications by means of user name and user password (first factor, "something you know") and additionally a token assigned to the user and issued to the user (second factor, "something you have", e.g., TAN token, app token, YubiKey token). By checking the second factor, the risks of current attack scenarios such as man-in-the-middle, phishing and brute force attacks can be significantly reduced.

In many connected applications (LDAP online directory, Argus authentication portal, live support, live chat, iDoit, GitLab), two-factor authentication is performed at login. The user name of the university account (e.g. "muellerx" or "Muellerx") is entered as the user name. As password the personal user password is entered directly followed by a valid one-time password.

In Marvin, on the other hand, logging in is done as before using only the user name of the university account (e.g. "muellerx" or "Muellerx") and a personal user password. Only for examination matters (e.g. registration, deregistration) will the second factor be requested by separately entering a valid one-time password (e.g. TAN token, app token).
Attention: This does not yet apply to students of the state examination programs of FB20, for whom the exam registration still runs via QIS.

Target group

Staff, students

Requirements

Status

Currently, two-factor authentication is supported in the following university-wide services:

The connection of further services is being planned.

Forms

Instructions

  • Support and Help

    In case of problems with authentication, please contact the Two-factor-authentification FAQ or the IT-Servicedesk (Lahnberge), also reachable by email at . Please specify your account and the topic when making inquiries.

  • Related services

  • Things to know

    Where German differs - authentication (Authentisierung and Authentifizierung)

    Authentication (Authentisierung) is the assertion of properties by an entity, for subsequent authentication (Authentifizierung). Authentication (Authentifizierung) is the verification of properties asserted by an entity, to ensure the authenticity of the entity. In the English-speaking world, this conceptual distinction does not exist. Authentication can therefore mean both, depending on the context.

    Software and system design

    The two-factor authentication service of Philipps-Universität Marburg is based on the open source software PrivacyIDEA. PrivacyIDEA offers a high functional scope, is flexibly expandable and enables seamless integration into the existing and continuously evolving IT infrastructure of the data center. To guarantee high performance, high availability and optimal maintainability, PrivacyIDEA runs redundantly and horizontally-scalable in cluster operation with multiple PrivacyIDEA workers in the data center.

    University internal services with two-factor authentication

    The following university-internal services are currently connected to the central 2FA service:

    • LDAP online directory (students/staff/hrz)
    • Live support (students/staff)
    • Live chat (students/staff)
    • Marvin Campus Management System (students/staff).

    University Computer Center internal services with two-factor authentication

    The following University Computer Center internal services are currently connected to the central 2FA service:

    • i-doit portal for technical documentation (staff)
    • GitLab Portal für Source-Code-Management und Continuous Integration (staff)
    • Graylog Portal for Log Management (staff)
    • Kibana Portal for Data Visualization (staff)
    • VPN via VPN group vpngroup-hvpn (hrz)