What is MFA?
Multi-factor authentication (MFA) is a security procedure that makes access to an account or system more secure.
In addition to the password, at least one other factor, known as a token, is required. This factor can be, for example, a unique code from an app or text message, a fingerprint or a special USB stick.
The combination of several factors prevents unauthorized persons from gaining access to an account or system with the password alone. This makes common phishing attempts considerably more difficult.
Who is affected and when?
- ZIMT employees (since 2025)
- University administration and managers (since the end of 2025)
- Employees (starting 2026)
- Students (starting 2026)
The path to the second factor
Sign up
Go to the eduMFA portal (mfa.uni-siegen.de) and log in with your ZIMT or administration account data.
Enroll tokens
After successfully logging in to the eduMFA portal, you can click on Enroll token or Assign token (only YubiKeys given out to the university administration) in the menu bar on the left side, and then create the tokens of your choice. It is strongly recommended to set up at least two different token types.
MFA is activated
You've done it!
From now on, you will also be asked for one of your enrolled tokens when logging in.
Frequently Asked Questions
A token is a type of digital key. It is used to log in securely to a system or an app. A token can be a small device, a smartphone app or a special code, for example. One common type of token is a one-time numeric code that is only valid for a short period of time. In addition to the password, these codes are used to confirm that you are really authorized to log in.
You can think of it like the door of a safe. The safe has a combination lock and a key. For the combination lock, you need to know the corresponding combination, such as a password. The token, i.e. the second factor, is a physical key in this case, i.e. something you must have. You can only open the safe door if you have both.
This is also how it works digitally: you log in as usual with your username and password and confirm the login with a YubiKey or a TOTP authenticator app installed on your mobile device. This makes your access much more secure.
The introduction of MFA at the University of Siegen is based on the legal regulations from the agreement on cyber security of the Ministry of Culture and Science (MKW). This agreement requires universities in NRW to implement appropriate security measures to protect the integrity and confidentiality of data.
The following authenticator apps were tested for their supported parameters.
Please note: The apps are backwards compatible - an app that supports 60-second time steps also offers 30-second steps; an app with SHA512 support also allows SHA256 and SHA1.
| App | Maximum time step | Maximum algorithm |
|---|---|---|
| 2FA Authenticator | 60s | SHA512 |
| Aegis Authenticator | 60s | SHA512 |
| Bitwarden Authenticator | 60s | SHA512 |
| Duo Mobile | 30s | SHA1 |
| Duck Auth | 60s | SHA512 |
| FreeOTP | 60s | SHA512 |
| Google Authenticator | 30s | SHA1 |
| LastPass Authenticator | 60s | SHA512 |
| Microsoft Authenticator | 30s | SHA1 |
| Proton Authenticator | 60s | SHA512 |
| Yubico Authenticator | 60s | SHA512 |
The following (cheaper) alternative hardware tokens have been tested for their functionality in conjunction with eduMFA and their supported parameters.
You will usually receive the secret OTP key from the manufacturer or dealer of the hardware token, e.g. by e-mail.
| Hardware token | Token type | OTP length | Time step | Hash algorithm |
|---|---|---|---|---|
| ReinerSCT | TOTP | 6 | 30, 60 | SHA1, SHA256, SHA512 |
| Feitian C200 | TOTP | 6 | 30 | SHA1 or SHA256 (depending on the version purchased) |
| Feitian A4B | HOTP | 6 | / | SHA1 |
| SWISSBIT iShield Pro | HOTP | 6 | / | SHA1 |
Note: If possible, we recommend setting up a TOTP and/or PUSH token on a smartphone or using a YubiKey.
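The time step and hash algorithm listed in the two tables above are inputs to the code calculation itself, so an app or hardware token set to different values than the server produces different codes. The following added example (not eduMFA or ZIMT code) implements HOTP (RFC 4226) and TOTP (RFC 6238) and applies the backwards-compatibility rule stated above to a subset of the app table; the function names and the sample secret (the RFCs' published test value) are assumptions for illustration.

```python
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 one-time code for an event counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo: str = "sha1") -> str:
    """RFC 6238: HOTP with the counter derived from the clock and the time step."""
    return hotp(secret, unix_time // step, digits, algo)

# Maximum parameters per app, copied from the app table above (subset).
APP_LIMITS = {
    "Aegis Authenticator": (60, "sha512"),
    "Google Authenticator": (30, "sha1"),
    "Microsoft Authenticator": (30, "sha1"),
    "Yubico Authenticator": (60, "sha512"),
}
ALGO_RANK = {"sha1": 0, "sha256": 1, "sha512": 2}

def app_supports(app: str, step: int, algo: str) -> bool:
    """Apply the backwards-compatibility rule to a token's parameters."""
    max_step, max_algo = APP_LIMITS[app]
    return (step in (30, 60) and step <= max_step
            and ALGO_RANK[algo] <= ALGO_RANK[max_algo])

# Constructed sample: the published RFC test secret, never a real one.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = 59  # constructed timestamp (seconds since the Unix epoch)
    print("token enrolled with 60s step:", totp(SECRET, now, step=60))
    print("app that only does 30s step :", totp(SECRET, now, step=30))
    for app in APP_LIMITS:
        print(f"{app}: 60s/SHA512 usable = {app_supports(app, 60, 'sha512')}")
```
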
Here you will find alternative hardware and software if you cannot or do not want to use any of the above options.
However, we do not offer support for these!
Hardware:
- ReinerSCT Authenticator
Hardware for two-factor authentication.
With the integrated camera, TOTP tokens can be easily imported via QR codes.
Software:
- Windows:
2fast - Two Factor Authenticator
The authenticator app can be downloaded from the Microsoft Store.
- macOS:
Step Two
The authenticator app can be downloaded from the Mac App Store.
- Linux:
GNOME Authenticator
Can be obtained from the Flathub repository.
If you have just enrolled a token for your account, it may take up to 10 minutes for the second factor to be requested (e.g. webmail login). You can check directly whether your account is secured by MFA by logging out of the MFA portal and logging in again. After entering your username and password, you should also be asked for the second factor in the MFA portal.
Sometimes it can happen that you receive an error message when logging into Webmail, for example:
"Try again after a while or contact the helpdesk"
The problem is caused by outdated data stored in your browser. Closing and restarting the browser often helps; in some cases, the browser's "cookies" must be deleted.
Alternatively, you can try logging in from a "private" browser window.
If the problem persists in a private browser window, please contact the ZIMT SupportDesk.
It may happen that the push notification does not reach your smartphone on time. To counteract this, you can take the following steps:
- Two push tokens:
You have created two push tokens in the MFA portal for your ZIMT account because you want to use two smartphones. Unfortunately, when you log in to the Netscaler (e.g. Webmail or Citrix), the push notification is sent to the devices one after the other and not at the same time. We are working on a technical solution to the problem.
In this case, we advise you to deactivate a token again and only use the app on one device. If the problem persists, try the following two solutions.
- Keep the eduMFA app in the foreground:
Open the eduMFA app before you log in. In many cases, the push notification will arrive more reliably on the device.
- Check the eduMFA app settings:
Open your eduMFA app and go to the Settings button at the bottom right. Now click on Push Token and check whether the Active sending of push requests option is activated. Then press the Sync button of the Synchronize Push Token setting above.
If the problem persists even after you have tried all the suggested solutions, please contact the ZIMT SupportDesk.
If you have any further questions, please contact the ZIMT SupportDesk, either
- by e-mail to: support@zimt.uni-siegen.de
- or by phone: (0271) 740 - 4777
(Mon. - Fri. 08:00 - 15:30)
- or in person in room H-D 2203
(opening hours: Mon. - Fri. from 8:00 - 16:00, by telephone until 15:30)
Center for Information and Media Technology (ZIMT)
The ZIMT is the central science-related IT facility of the University of Siegen and is responsible for modern, innovative and economical IT and media services to meet the requirements of users in administration, studies, research and teaching.