IAIK-2FA | Studentnet Enrollment
How to enable 2FA
IAIK is enabling 2FA on all external services.
We have provided you with an initial TOTP via e-mail.
You need to complete 2FA enrollment, to retain access to your account. Once we switch to enforcement-mode, all login attempts with non-2FA enabled account are going to fail.
- Retrieve your initial TOTP using the email-address we send you the message to.
- Go to https://sso.iaik.tugraz.at/casa and login with your existing StudentNet credentials, provided by IAIK in combination with the initial TOTP from your e-mail.
- Enroll your 2FA methods. For web-based services you can choose any method provided by Gluu. For SSH and RDP logins, a SuperGluu device is required.
- IMPORTANT: To be able to use SSH and RDP logins, ensure you enroll a SuperGluu push-device.
- Once you complete the SuperGluu device enrollment, your device shows up.
- We recommend to enroll your own “backup”-TOTP and delete our initial provided TOTP from your account for security-reasons!
How to test 2FA login
- Just logout from https://sso.iaik.tugraz.at/casa, after enrolling additional 2FA methods.
- Re-login with your newly added 2FA method.
SSH and RDP logins
When logging into SSH and RDP services at IAIK, you are going to receive a push-notification to complete the login.
You need to have a SuperGluu device enrolled into your account. See “4.” above.