Two-Factor Authentication via Push Token

Prerequisite: Installation of Authenticator App on your Mobile Device

The Push token requires the installation of an authenticator app on your mobile device (e. g. smartphone, tablet).

There are numerous authenticator apps or OTP clients for Linux/Windows/macOS/iOS available. You can use the authenticator app of your choice. As the SIM-MFA web portal is also provided by privacyIDEA, we recommend to use the latest version of the privacyIDEA Authenticator. Please be aware that we do not provide support for app-specific problems of other apps!

Click here to install the privacyIDEA Authenticator app

Instructions to Rollout the PUSH token

Please note!

In the following, we describe the rollout procedure using the privacyIDEA app!

  1. Open menu entry "Enroll Token" of the SIM-MFA web portal (Fig. 1).

  2. Select token type "PUSH: Send a Push Notification to a smartphone." ("PUSH: Sendet eine Push Nachricht an ein Smartphone.") from the drop-down menu in the SIM-MFA web portal (Fig. 1).

  3. PUSH settings

    • "Description" ("Beschreibung"): optional (may be useful to identify a token in the list of tokens, see menu entry "All Tokens")
  4. Roll out the new token via button "Enroll Token" ("Token ausrollen") (Fig. 1).

  5. The SIM-MFA portal has created a QR code (Fig. 2).

  6. Open the app PrivacyIDEA Authenticator on your mobile device.

  7. Tap the big blue icon ("+" icon in older versions) to add a new token. The app activates the camera.

  8. Scan the QR code of the new token. Please do not scan the QR codes from Fig. 1!

  9. The app already shows the serial number of the token, but will also show "Ausrollen" for approx. 20 - 60 seconds. It may take longer. Please wait!

  10. When it's finished, the web portal page will be updated (Fig. 3).

Done!

Now, the app is ready to receive push messages from the LRZ server.

Figure 1: Steps 1 - 4 of push-token rollout (click on image for large view)

 

Figure 2: QR code of new push token (click on image for large view)

 

Figure 3: Push-token rollout finished (click on image for large view)

 


NOTE

Use QR codes only once! If the procedure fails or you lose the QR code, generate a new one. Never save the code on your local computer or the HPC system.

Manage Tokens

Two-Factor Authentication: Token Management in SIM-MFA web portal