Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an important security measure provided by the kiz (Communication and Information Center). It protects access to sensitive services such as VPN or the Identity Management System through an additional security factor.
❓ What is MFA?
In addition to your username and password, a second factor is required — usually a time-based one-time code (TOTP) generated by an app. MFA ensures that even if your password becomes known, unauthorized access remains impossible. Access is only granted when the second factor — the TOTP code on your smartphone — is entered.
Examples of supported authenticator apps:
- Google Authenticator
- 1Password
- Apple Keychain / Passwords app
- Microsoft Authenticator
🧩 Structure of an MFA Token
An MFA token from Ulm University looks like this, for example:
uulmTOTP205455H2
This token is entered once in your authenticator app. ⚠️ Important: Only one active token can exist at any given time.
⏱️ Time-Based One-Time Password (TOTP)
- A new 6-digit code is automatically generated every 30 seconds.
- Each code is valid only for a short time before it refreshes automatically.
- To ensure the codes work correctly, your device’s clock must be set accurately (ideally synced automatically via network time).
🛠️ Setting Up an MFA Token
Setup is done through the university’s Identity Management (IDM) portal: 👉 Open IDM Portal
Steps to set up:
- In IDM, go to the “MFA Management” tab.
- Generate a new software token.
- Scan the QR code with your authenticator app.
- Enter the 6-digit code generated by the app into the web interface to activate the token.
- The token is ready to use only after successful confirmation.
📍 Where Is the MFA Code Required?
- ✅ VPN access for Ulm University (see setup guide here)
- ✅ Login to the Identity Management (IDM) portal
- ✅ Other central kiz services (e.g., self-service portals)
🔄 Changing Devices: What to Do When You Get a New Smartphone?
If you replace your smartphone or another device where your MFA token is set up, you have two options:
- Transfer the token: Many authenticator apps (e.g., 1Password, Microsoft Authenticator) or operating systems offer a backup and migration function that allows you to move your existing token to a new device. Check your app’s settings for this option.
- Create a new token: If transfer isn’t possible, you can generate a new token in the IDM portal:
  - Log in to IDM using your old device and existing token
  - Under MFA Management, create a new software token
  - Scan the new QR code with your new device
⚠️ Important: Once the new token is activated, the old one becomes invalid. Delete the old entry from your app to avoid confusion.
ℹ️ Notes & Support
- Only one active token can exist at a time — if you encounter problems, simply create a new one.
- Make sure your smartphone syncs its time automatically.
- Keep your token secure — ideally in an app that supports encrypted backup.
For questions or technical issues, contact kiz support:
📧 helpdesk@uni-ulm.de 🌐 https://www.uni-ulm.de/einrichtungen/kiz
