Skip to main content

MFA Token Activation / Token Change

Quick links

Activation software token

Activation hardware token

Glossary

Video-Explanation

Pros and cons hardware vs. software tokens

QR-codes for authenticator apps in the app stores


NOTICE FOR EMPLOYEES WITH SOFT TOKENS:

The authentication method for your login will be switched to Microsoft Entra ID on May 19, 2025. During the transition period from May 19 to June 23, 2025, you will need to activate a new token in the Microsoft portal, which will serve as the second factor for authentication and replace your old token.

After 23rd of June you will be prompted to activate a new token when loging in (e.g. at AkademieOnline).

NOTICE FOR EMPLOYEES WITH HARDWARE TOKENS:

No changes are required. Your hardware token remains valid!

Software token self service / Change

    1. If you do not have MFA (Multi Factor Authentication) yet:
      Install the authenticator app of your choice on your smartphone.

      ZID only supports and tests:

      Microsoft Authenticator (recommended) (Android, iPhone)
      Google Authenticator (Android, iPhone) and
      PrivacyIdea Authenticator (Android, iPhone).

      See also QR-Codes for downloading the authenticator apps.

      (FreeOTP and other apps also work and are allowed for use, but ZID does not test them actively.)

    2. Open the Microsoft-Login page in a browser and login with your academy e-mail address and CampusOnline password:

      (You don't need to create a new account.)

    3. After logging in you will see this dialog box:

      To generate a new token please click "Weiter" ("Next").

    4. If you want to use a different authenticator app than Microsoft Authenticator, please skip the next steps and follow these instructions.

      If you would like to use Microsoft Authenticator with push notifications, continue here. Push notification is a more modern, secure, and convenient form of multi-factor authentication. You only need to enter two digits and your smartphone PIN (or fingerprint), and you will receive a notification, for example, if someone attempts to log in using your credentials.
      Note: This type of authentication requires an active internet connection (Wi-Fi or mobile data on your smartphone)

      Please click "Next":
    5. Click on "Next" again:
      You will now need your smartphone.

    6. Install the Microsoft Authenticator app on your smartphone through your device's app store (Google Play Store (Android) / App Store (Apple)). Download, installation and use are free.

      Please refer to QR-codes for authenticator apps for links to the app stores.

    7. Open the Microsoft Authenticator app on your smartphone and tap the QR-code symbol in the bottom right corner:
    8. Scan the QR-code that is shown on your computer with your smartphone through the Microsoft Authenticator app. Then click on "Next":
    9. The computer will show you a set of numbers, as shown below. Then you will receive a notification on your smartphone. Enter the code  into your smartphone and confirm it there:
    10. Click on "Next":
    11. You are done. You have successfully created a second factor for your authentification and can log in using Microsoft Authenticator in the future.
    12. Optional: You can now erase your old token from your authenticator app


Token activation with an alternative authenticator app (other than Microsoft Authenticator)

    1. Note: You do not need to use the Microsoft Authenticator. If you would like to use a different authenticator app (e.g., Google Authenticator or PrivacyIdea Authenticator), please click on "Ich möchte eine andere Authentifikator-App verwenden"
    2. Click on "Next":
    3. If you don’t have an authenticator app installed yet, you need to do so now. If you have an authenticator installed, please go to step 4.

      Install the authenticator app through your device’s app store (Google Play Store (Android) / App Store (Apple)). The most used alternatives at the Academy are “PrivacyIdea Authenticator” and “Google Authenticator". Both are free to download and use.

      Please refer to QR-codes for authenticator apps for links to the app stores.

    4. Open the authenticator app on your smartphone and tap the button to add the QR code for the new token.

      This is an example screenshot of the PrivacyIdea Authenticator app:
    5. Scan the QR-Code that is shown on your computer with the authenticator app on your smartphone and click "Next":
    6. Enter the six-digit code, which is shown in the authenticator app:
    7. You are done. You have now successfully activated the second factor:
    8. Optional: Around ten minutes after activating the new token, you can test your Login at Akademie Online. If it works you can now erase your old token from your authenticator app.

      To delete your old token, put your finger on the old token and swipe left. After that select “Delete” and confirm.




Hardware token

If you don’t want to use a software token, you can request a so-called hardware token. This is an external device which generates the token for your MFA-login. 

To request a hardware token, please send an email to support@akbild.ac.at.

Glossary


> What is SSO?  

SSO is short for "Single Sign-On." It allows users to access multiple services with a single, centralized login without needing to log in again for each service.

> What is MFA?  

MFA is short for for "Multi-Factor Authentication." This system uses multiple "factors" for authentication, requiring all of them to be correct for a successful login, e.g., a regular password (first factor) and a one-time password also called token (second fator). This enhances account security because access is only granted if both factors are present. For instance, even if a password is stolen via phishing, an attacker cannot log in without the second factor.

> What is a token?  

A token is a code (usually six digits) generated (either by a hardware device or by an application) for authentication purposes. Tokens are typically valid for a limited time (e.g., 30 seconds) to enhance security.

> What is a software token / soft token?  

A software token is a token generated by an authenticator application, usually installed on a smartphone.

> What is a hardware token?  

A hardware token is a token generated by a dedicated hardware device. The device itself, which generates the token, is also commonly referred to as a "hardware token."

Video-Explanation



Pros and Cons - hardware token vs. software token

What are tokens? Tokens are random six-digit numbers, which are generated either by a dedicated hardware device or by an application.  During a login this number is requested in an additional step after filling in the username and password,, before the user is logged in.

Software token in authenticator app (PrivacyIdea):

Hardware token:


Pros and Cons:
Software TokenHardware Token
No additional deviceA small device on the keychain
Self-service (can be activated without VPN 24/7)Collection from ZID necessary
3 factor authentification (if pincode, fingerprint or similar is activated on the smartphone)2 factor authentification 
Use of private phone is necessaryAcademy provides the hardware
No data transmission
No personal data is being exchange at the time of the activation

QR-Codes for authenticator apps

PrivacyIdea authenticator app (Android):PrivacyIdea authenticator app (Apple):
Google authenticator app (Android):Google authenticator app (Apple):
Microsoft authenticator app (Android):Microsoft authenticator app (Apple):