Zur deutschen Seite wechselnHere you will find instructions on how to activate a software token on a computer or laptop. This requires an Autheticator application (app) on your computer/laptop. We recommend that you first familiarize yourself with the information at 2fa.tugraz.at.
Requirements
To activate a token for the first time, you need a registration code (a 6-digit number). Note: The registration code can only be used once. Students, staff members, and alumni can find the registration code in TUGRAZonline, in the application "Account Status". "Connect users" (accounts for external users) will receive the registration code via email.
If you have already activated a token and you want to activate another token, use your current OTP as the registration code.
Please install an authenticator app, such as the 2fast - Two Factor Authenticator app from the Microsoft App Store, and then launch it.
A tutorial will be displayed during the initial startup process. You can read through the tutorial or click Skip.
It is necessary to save a data file locally on your PC. Select Create new data file (first start). Choose Select local path and specify where you want to save the file. Next, you need to choose a file name; this can be anything, for example "2fast-file". You also need to choose a password. This password will be required every time you open the app and is separate from the OTP (One-Time Password). After that, click Create file.
Open the website otp.tugraz.at in your browser. Log in using your TU Graz username and your registration code (6-digit number).
Click on Enroll Token to create a new token.
Optionally, you can add a description to your token. Click Generate token again. You will then see a QR code displayed.
Go back to the 2fast app. Click on Add account in the top left corner.
Select Scan QR code. Then follow the instructions in the app. Select the window where the QR code is displayed (your browser). The app will then automatically detect the QR code. After that, click on Create account.
Important final step: Next, enter the OTP generated by the app, which can be found below the QR code on the otp.tugraz.at page. Then click on Verify token!
The code displayed in the app is your OTP. By clicking on the OTP in the app, it will be copied to your clipboard, saving you the trouble of having to type it in manually.
Please install an authenticator app, such as the Step Two app from the Mac App Store, and then launch it.
Open the website otp.tugraz.at in your browser. Log in using your TU Graz username and your registration code (6-digit number).
Click on Enroll Token to create a new token.
Optionally, you can add a description to your token. Click Enroll token again. You will then see a QR code displayed.
Go back to the Step Two app. Click on the + icon and select Scan two-step QR code.
You must allow the application to access your screen. Move the scan window of the Step Two application over the QR code in the browser.
Important final step: Enter the OTP generated by the app in the field below the QR code on the otp.tugraz.at page. Then click on Verify token!
The code displayed in the app is your OTP. By clicking on the OTP in the app, it will be copied to your clipboard, saving you the trouble of having to type it in manually.
Step Two is also available in the App Store for iOS and iPadOS, and it can be synchronized with all your devices via iCloud, so you will have a copy of the token on each of your Apple devices.
Here are some example options explained, depending on your Linux distribution and version, the steps may differ slightly.
Option 1
On Debian/Ubuntu/… systems, there is a tool called OTPClient, which can be installed using:
apt install otpclient
The next steps are identical to the steps for Windows (see above).
Option 2
If you prefer to work from the Command Line Interface (CLI), the following method will work. However, it is absolutely essential that the secret is stored securely (e.g., in a password manager):
1. Install the oathtool using the following command:
apt install oathtool
2. Open the website otp.tugraz.at. Log in with your TU Graz username and registration code.
3. Click on Enroll Token. Optionally, you can add a description to your token. Click Enroll Token again. You will now see a QR code.
4. Copy the URL shown here:
otpauth://totp/TOTP01280DE7%20USERNAME%40privacyIDEA?secret=xxx…xxx&algorithm=sha256&period=60&digits=6&iss uer=ZID%20TU%20Graz
5. Use the secret value (xxx…xxx) to generate the code:
oathtool -b --totp=sha256 "xxx…xxx" -s 60
It's best to store this entire command in your password manager.
Option 3
1. If you already use the password manager pass, you can also install the OTP extension (Debian/Ubuntu):
apt install pass-extension-otp
2. The otpauth URL (mentioned in Option 2) can then be entered (twice):
pass otp insert Enter otpauth:// URI for this token:
This will create a subfolder in the password manager with the name of the issuer, and an entry within that folder containing the token's serial number and the username, e.g.:
ZID TU Graz TOTP00268D1C testerl@privacyIDEA
3. The OTP can then be generated as follows:
pass otp code "ZID TU Graz/TOTP00268D1C testerl@privacyIDEA"
4. It is advisable to create an alias for this, e.g.:
alias tug-otp='pass otp code "ZID TU Graz/TOTP00268D1C testerl@privacyIDEA"'
This way, you only need to remember one command.
Help! I'm stuck!
Don't panic! Our IT support team will be happy to assist you:
Quick help:
Phone: +43 316 873 7000
Email: it-support@tugraz.at
Monday – Thursday 08:00 – 16:00
Friday 08:00 – 15:00
! Closed Wednesday 11:00 – 12:00
Personal IT support:
ZID Servicepoint
Stremayrgasse 16/GF
Room number: BMTEG050
Monday – Thursday 08:00 – 16:00
Friday 08:00 – 15:00
! Closed Wednesday 11:00 – 12:00
