IAIK-2FA | Studentnet Enrollment

How to enable 2FA

IAIK is enabling 2FA on all external services.
We have provided you with an initial TOTP via e-mail.

You need to complete 2FA enrollment, to retain access to your account. Once we switch to enforcement-mode, all login attempts with non-2FA enabled account are going to fail.

1. Retrieve your initial TOTP using the email-address we send you the message to.
   
2. Go to https://sso.iaik.tugraz.at/casa and login with your existing StudentNet credentials, provided by IAIK in combination with the initial TOTP from your e-mail.
3. Enroll your 2FA methods. For web-based services you can choose any method provided by Gluu. For SSH and RDP logins, a SuperGluu device is required.
   
4. IMPORTANT: To be able to use SSH and RDP logins, ensure you enroll a SuperGluu push-device.
   
5. Once you complete the SuperGluu device enrollment, your device shows up.
   
6. We recommend to enroll your own “backup”-TOTP and delete our initial provided TOTP from your account for security-reasons!

How to test 2FA login

1. Just logout from https://sso.iaik.tugraz.at/casa, after enrolling additional 2FA methods.
2. Re-login with your newly added 2FA method.

SSH and RDP logins

When logging into SSH and RDP services at IAIK, you are going to receive a push-notification to complete the login.

You need to have a SuperGluu device enrolled into your account. See “4.” above.