Take an undisturbed half hour and set up in this order:

  1. an authenticator app as an operating system-independent, simple, robust, network-independent additional factor that you can take with you wherever you go
  2. Recovery codes as a backup for unforeseen situations, and
  3. all your personal work devices as security tokens. This means that your PCs or notebooks act as an additional factor and you won't need any other factors in everyday office life.

Install an authenticator app on your smartphone and set it up:

Generate recovery codes and keep them in a safe place. Either printed out and locked away, or electronically in a password manager.

Your PC / notebook as Security token

If you use Windows, set up Windows Hello as an additional factor on all your devices:

If you use macOS, please follow these instructions

FIDO2 key as Security token

If you wish to use a FIDO2 key (physical security key), please follow these instructions

The next time you log in on your personal work devices (and only on these!), you can select the 'Trust this device' checkbox during single sign-on, in which case no further factors will be required on this device. You can find more information on this under: 

Frequently Asked Questions, FAQ

Why do I need MFA factors that I can take with me?

You always need an additional factor on every new or third-party PC you want to log in to with BOKU-SSO-Login. This is also the purpose of multi-factor authentication, which is why it was introduced.
In the first step, of course, this also applies to all your work devices as soon as you have set up the first MFA factor.

Basically, you have the following options if you want to log in to applications with SSO login, and therefore also to Keycloak, on a new or third-party PC:

  • Authenticator app on your smartphone
  • Recovery codes (printed out on paper or in a password safe)
  • FIDO2 key
I don't have a smartphone, how do I deal with this?

If you need to log in to BOKU-IT-Services when you are not at your own PC, the following options are available:

  • Authenticator app on your smartphone
  • Recovery codes (printed out on paper or in a password safe)
  • FIDO2 key

If you do not have a smartphone, you still have the options of recovery codes and FIDO2 key.