Email
Main Content

Two-factor authentication

The two-factor authentication service (2FA service) of Philipps-Universität Marburg is used for modern, centralised and secure authentication for the applications provided by the university and thus effectively increases the security of the IT infrastructure provided and the data stored therein.

Users are authenticated at 2FA-enabled applications by means of a user name and user password (first factor, "something you know") as well as a token assigned to the user and issued to the user (second factor, "something you have", e.g. TAN token, app token, YubiKey token). By checking the second factor, the risks of current attack scenarios such as man-in-the-middle, phishing and brute force attacks can be significantly reduced.

In many connected applications (LDAP online directory, 2FA portal, live support, live chat, GitLab, etc.), two-factor authentication takes place at login. The user name of the university account (e.g. "muellerx" or "Muellerx") is entered as the user name. The personal user password directly followed by a valid one-time password is entered as the password.</p

In Marvin, on the other hand, the login is as before only with the user name of the university account (e.g. "muellerx" or "Muellerx") and personal user password. The second factor is only requested for examination matters (e.g. registration, deregistration) by entering a valid one-time password (e.g. TAN token, app token) separately.

Target group

Employees, students, guests

Prerequisites

Status

The following university-internal services are currently connected to the central 2FA service:

The connection of further services is being planned.

Forms

Instructions

  • Support and help

    If you have problems with authentication, please contact the FAQ on two-factor authentication or to the IT Service Desk (Lahnberge), also available by email at . Please state your account and the topic of your enquiry.

  • Related services

  • What you need to know

    What is authentication? What is authentication

    Authentication is the assertion of properties by an entity for subsequent authentication. Authentication is the verification of the properties claimed by an entity to ensure the authenticity of the entity. This conceptual distinction does not exist in English-speaking countries. Authentication can therefore mean both, depending on the context.

    Software and system design

    The two-factor authentication service at Philipps-Universität Marburg is based on the open source software PrivacyIDEA. PrivacyIDEA offers a wide range of functions, can be flexibly expanded and enables seamless integration into the existing and constantly evolving IT infrastructure of the data centre. To guarantee high performance, high availability and optimum maintainability, PrivacyIDEA runs redundantly and horizontally scalable in the data centre in cluster operation with several PrivacyIDEA workers.

    HRZ-internal services with two-factor authentication

    • GitLab portal for source code management and continuous integration (staff)
    • Graylog portal for log management (staff)
    • Kibana portal for data visualisation (staff)
    • VPN via VPN group vpngroup-hvpn (hrz)