FAQ about MFA

Here you find answers to the most frequently asked questions about the use of multi-factor authentication on UCPH.

General information

 

This depends on whether you are a student, an employee (including external and associated) or a visitor.

Students

As a student, you have three ways in which to authenticate yourself when logging on to the systems covered by multi-factor authentication:

  1. SMS one-time code

    Students are automatically registered for the SMS one-time code solution where they receive a text message with a one-time password to enter during the login procedure when they want to log in to the UCPH systems covered by multi-factor authentication.
    You will receive a text message with a new code every time you log in to one of the systems covered by multi-factor authentication.
    This solution requires correct registration in Self Service of your phone number, including country code
    On https://it.ku.dk/english/login-help/ you will find a guide to how to check and possibly correct your phone number so that you can receive text messages with one-time passwords.
    This solution can be used on all mobile phones.
  2. NetIQ Advanced Authentication app for smartphones

    NetIQ Advanced Authentication is an app for your smartphone that can be used as a multi-factor method – a bit similar to the NemID app, which you perhaps use for online banking, public websites, etc.
    The app requires a phone with at least Android 8.0 or iOS 10.

The app does not need an Internet connection to be used as a multi-factor method.
You can find a guide to installing the NetIQ app on https://it.ku.dk/english/login-help/.

  1. FIDO2 USB security key:

    Students can also use a FIDO2 USB security key.
    You must buy this security key in an electronics webshop – for example dk, computersalg.dk, iphonehus.dk, amazon.com, etc.
    On https://it.ku.dk/english/login-help you can find a guide to configuring the security key so you can use it to log in to the University's systems.

Employees, externals and associated:

For employees, externals and associates, there are two ways in which to authenticate yourself when logging on to the systems covered by multi-factor authentication:

  • NetIQ Advanced Authentication app for smartphones

    NetIQ Advanced Authentication is an app for your smartphone that can be used as a multi-factor method – a bit similar to the NemID app, which you perhaps use for online banking, public websites, etc.
    The app requires a phone with at least Android 8.0 or iOS 10.

The app does not need an Internet connection to be used as a multi-factor method.
You can find a guide to installing the NetIQ app on https://it.ku.dk/english/login-help/.

  • USB security key (Yubikey)

    Employees can order a USB security key - a Yubikey - in the IT Self Service portal.
    Orders must be approved by your line manager, and during the ordering process you will be asked to enter payment information such as an alias and a unit code, as your department is to pay for the security key. You can also ask your manager for this information.
    The USB security key will be delivered to your local support centre, and once you have received it, it’s ‘plug'n play’. When you log on to KUnet, you select the USB security key as an authentication method, and then you put the key into a USB port in your computer and press a button on the key. You will then be logged in.
    You can find a guide to using the USB security key on https://it.ku.dk/english/login-help/.

Visitors

For visitors, there are two ways in which to authenticate yourself when logging on to the systems covered by multi-factor authentication:

  1. SMS one-time code

    For this solution, the employee at UCPH who invited you to use the University's systems must go to identity.ku.dk where your guest access was set up and enter your mobile phone number correctly, including country code.
    You can find a guide to how you as a visitor can use the multi-factor solution at https://it.ku.dk/english/login-help/.
  2. NetIQ Advanced Authentication app for smartphones

    NetIQ Advanced Authentication is an app for your smartphone that can be used as a multi-factor method – a bit similar to the NemID app, which you perhaps use for online banking, public websites, etc.
    The app requires a phone with at least Android 8.0 or iOS 10.

The app does not need an Internet connection to be used as a multi-factor method.
You can find a guide to installing the NetIQ app on https://it.ku.dk/english/login-help/.

 

 

Currently there is a general error in relation to the handling of cookies, which can lead to system errors or displaying of wrong websites. Several users have experienced errors of this type, for example in connection with login to KUmail (webmail).
UCPH IT has tasked a work group with finding a solution to this problem as soon as possible.
If you encounter errors of this kind, you can use a browser in Incognito (Chrome) or InPrivate (Edge) mode.

You do this by right-clicking on the browser's program icon and selecting 'New Incognito window' (Chrome) or 'New InPrivate window' (Edge):

Opening InPrivate window in Edge

Then the browser opens a window with a black background:

Browser window opening in Edge with a black bagground

In this browser window, you can now carry out the steps listed in the instructions for registration for multi-factor authentication, using the NetIQ app for your smartphone, etc.

Please note that when using an Incognito/nPrivate browser, you must write or copy/paste all web addresses into the address field, as links in the documentation will not open directly in your Incognito/inPrivate window.

When using the Incognito/inPrivate browser window, you should not encounter errors related to the current cookie issue.

 

 

On https://it.ku.dk/english/login-help you can find a guide describing how to register for multi-factor authentication. The guide also contains information about how to use the solution without NemID.

 

 

They can follow the guide ‘MFA registration at mfa.ku.dk’, which is available in English at https://it.ku.dk/english/login-help

 

 

You can always check whether the multi-factor solution is working by logging in to https://mfa.ku.dk or if you a webmail (KUmail) you can login her http://webmail.ku.dk
However, there is currently a cookies issue. If you experience system errors, blank pages, etc. you can avoid the issue by using a browser in Incognito/InPrivate mode. Find out more about this under the question When I try to register on the MFA solution, I experience system errors or I’m taken to the wrong websites. What should I do? as listed above.

 

 

Danish universities are increasingly a target of hacker attacks.
We can only guess why hackers take an interest in university systems, but we have seen attacks at other universities, and leading experts and authorities in this area assess the risk of hacker attacks on universities as being ‘very high’.
You can read about it in this article from Version2 from last autumn:
https://www.version2.dk/artikel/hacker-truslen-mod-de-danske-universiteter-stiger-klart-sket-negativ-udvikling-1091506 (in Danish only).

When UCPH as a central strategic goal wants to become one of the world's most IT-secure universities, it’s because we have a natural operational obligation towards our users to ensure that business-critical tasks – teaching, exams, research, etc. – can be carried out.
In addition, we have an obligation to protect the University’s data,  such as personal data and research data.

 

 

It’s a strategic goal for UCPH to become one of the world's most IT-secure universities in terms of access to sensitive data and access to the University's IT systems. This means that, in the coming years, IT security will be gradually increased on all of the University's systems.
As KUnet is the preferred gateway to UCPH's systems for many, it has been decided to use multi-factor authentication for KUnet, Self Service and group rooms as a first step towards more security solutions. Specifically in relation to KUnet, it’s possible to access information on KUnet that users might not want to share publicly – for example contact information.

 

 

This will come in due course. Launching multi-factor authentication on KUnet, Self Service and group rooms starts the process of introducing this security solution, with all other systems to follow later.

 

 

Yes. Regardless of whether you use your mobile phone, tablet, private computer, KU computer, SUND/SCIENCE computer or a public computer, you will be asked to log in with multi-factor authentication unless your computer is connected to the University's network by a network cable or is logged in to the network via Cisco VPN (AnyConnect).

 

 

  • Cisco VPN (AnyConnect)

    When using Cisco VPN you will be excepted from using the multi factor authentication as Cisco VPN requires MFA for establishing the VPN connection.
  • UCPH cabled network

    When you are on the cabled network you will also be excepted from MFA. However, there are exceptions for Niels Bohr Institute and Department of Chemistry – see below.
  • EDUROAM

    When using EDUROAM you will need to use multi factor authentication to login to the systems for covered by the MFA solution.
  • SUND VPN (Pulse Secure)

    When using SUND VPN you will need to use multi factor authentication to login to the systems for covered by the MFA solution as the SUND VPN is not covered by multi factor authentication.
  • SCIENCE VPN

    When using SCIENCE VPN you will need to use multi factor authentication to login to the systems for covered by the MFA solution as the SCIENCE VPN is not covered by multi factor authentication.
  • Network at Department of Chemistry

    As the network at Department of Chemistry is decentrally managed and not part of the same security zone as the rest of the physical network at UCPH, multi factor authentication must be used when accessing the UCPH covered by the MFA solution.
  • Network at Niels Bohr Institute

    As the network at Niels Bohr Institute is decentrally managed and not part of the same security zone as the rest of the physical network at UCPH, multi factor authentication must be used when accessing the UCPH covered by the MFA solution.

For employees only

 

The SMS solution is not considered secure enough for employees, who often have access to systems and data of a sensitive nature.

 

 

Employees can order a Yubikey using the IT Self-Service portal at https://itself-service.ku.dk.
When you have logged in to IT Self-Service with your UCPH user name and password, go to New order > PC and Software > Accessories (Computer) and there you will find 'Yubikey' listed under items that can be ordered.

Please note!
Your order for a Yubikey must be approved by your line manager. They can also give you the information you need in order to complete the order, such as alias and unit code.

 

 

 

 

You can’t use NemID to log in to KUnet, Self Service and group rooms because this solution has not yet been implemented.
It is currently expected that NemID will be made available during autumn 2021.

For students only

 

First you must check if your phone number is registered correctly in Self Service, including country code.
On https://it.ku.dk/english/login-help/ you can find a guide to checking and possibly correcting your phone number in Self Service.

 

 

 

 

For a small number of students, the SMS solution does not work, unfortunately. This is not due to limitations in the SMS solution, but to challenges with international text messages from these students' phone operators.
The easiest solution for them is to use the NetIQ app for smartphone for multi-factor authentication. They can follow the guide ‘MFA registration at mfa.ku.dk’, which is available in English at https://it.ku.dk/english/login-help.  

 

 

Having a Danish phone number is not necessary for using the SMS solution.
Regardless of whether you are a Danish or an international student, you can - if you do not receive a text message with a one-time password when attempting to log in - follow the guide Check and change phone number in Self Service - which you will find here: https://it.ku.dk/english/login-help.

However, for a small number of students, the SMS solution does not work, unfortunately. This is not due to limitations in the SMS solution, but to challenges with international text messages from these students' phone operators.
The easiest solution for them is to use the NetIQ app for smartphone for multi-factor authentication. They can follow the guide ‘MFA registration at mfa.ku.dk’, which is available in English at https://it.ku.dk/english/login-help.  

 

 

Because a security key must be paid for. As there are several other and free solutions available to users, UCPH does not pay this expense. UCPH recommends using the authentication app via smartphone as the easiest and most secure alternative to the SMS solution, and the app solution is free of charge just like the SMS solution.

Students can buy a USB security key based on the FIDO2 standard online from several large electronics webshops – for example dustinhome.dk, computersalg.dk, iphonehus.dk, amazon.com, etc.