MFA FAQ and tips
At the University of Copenhagen you need to login with multi-factor authentication (MFA). Here you find answers to frequently asked questions and help on how to get started.
General information
This depends on whether you are a student, an employee (including external and associated) or a visitor.
Students
As a student at UCPH you can authenticate with multi-factor in one of following ways:
-
Install the app ‘NetIQ Advanced Authentication’
You can find a guide on how to install the NetIQ app on https://it.ku.dk/english/login-help/. The app requires a smartphone with at least Android 8.0 or iOS 10.
-
Use NemID
The use of NemID requires a Danish security number (CPR) and a NemID app or NemID keycard.
Read how to set up multi-factor authentication with NemID, on the page Help for login. -
Use a SMS one-time password
As a student you are automatically registered for the SMS one-time password, where you receive a text with a new one-time password every time you have to log in with multi-factor authentication.
To receive a SMS one-time password your phone number and country code have to be registered in Self Service on KUnet. On help for login you will find a guide on how to check and possibly correct your phone number so you can receive text messages with one-time passwords. -
Buy a USB security key (FIDO2)
As a student you can also use a FIDO2 USB security key. You can buy the security key in an electronics webshop – for example dk, dk, iphonehus.dk, amazon.com, etc.
On help for login you can find a guide to configure the security key so you can use it to log in to the University's systems.
Employees, externals and associated
Employees, externals and associates at UCPH can authenticate with multi-factor in one of the following ways:
-
Install the app ‘NetIQ Advanced Authentication’
You can find a guide to installing the NetIQ app on help for login. The app requires a smartphone with at least Android 8.0 or iOS 10. -
Use NemID
The use of NemID requires a Danish security number (CPR) and a NemID app or NemID keycard. Read how to set up multi-factor authentication with NemID, on the page Help for login. -
Order a USB security key (Yubikey)
Employees can order a USB security key - a Yubikey – on Serviceportal.ku.dk. Orders must be approved by your line manager in Serviceportal. You can find a guide on how to use the USB security key on https://it.ku.dk/english/login-help/.
Visitors
As a visitor you can multi-factor authenticate yourself by either:
-
Install the app NetIQ Advanced Authentication
You can find a guide to installing the NetIQ app on help for login.. The app requires a smartphone with at least Android 8.0 or iOS 10.
-
Use a SMS one-time password
For this solution, the employee at UCPH who invited you to use the University's systems must go to identity.ku.dk where your guest access was set up and enter your mobile phone number correctly, including country code.
You can find a guide to how you as a visitor can use the multi-factor solution at help for login.
Danish universities are increasingly becoming the target of hackers, who attempt to steal valuable research data or try to extort by destroying or encrypting data. If a hacker attack succeeds, it can mean both financial and personal losses – and that teaching, research, exams etc. at the University cannot be carried out.
It is a strategic goal for UCPH to become one of the world's most secure universities. This means that IT security will gradually be increased on all the University's systems over the next years.
With multi-factor authentication, we increase IT security so it becomes more difficult to steal login information and gain access to your and UCPH's confidential data, research and personal data - such as social security numbers, blood samples, data from test subjects etc.
UCPH is in the process of introducing two-factor authentication on all KU's IT systems, so IT security at the University is increased.
For students only
1. Choose which method you would like to use for multi-factor authentication. You can choose between:
a) App: NetIQ Advanced Authentication
b) A one-off code per SMS
c) A USB security key
d) NemID - requires a Danish security number (CPR)
- Find and follow the guide for your preferred method on the Help for login page
- Once you have followed the instructions, you can use multi-factor authentication to log in to UCPH's IT systems, e.g., KUnet.
Tip for multi-factor authentication
➡ Keep your browser open: When you are logged in with multi-factor authentication, e.g. on KUnet, you can be logged in for 24 hours without having to use multi-factor authentication again, if you use the same browser and do not close it.
- If you have chosen another multi-factor solution e.g. the NetIQ app as your preferred one, you will not receive an SMS one-time password.
- Check if your phone number and country code are registered correctly in Self Service.
On help for login you can find a guide to checking and possibly correcting your phone number in Self Service. - For a small number of students, the SMS solution does not work, unfortunately. This is due to challenges with international text messages from students' phone operators.
The easiest solution for students with this issue is to use the NetIQ app for smartphone for multi-factor authentication. You can follow the guide on the NetIQ app, which is available in English at help for login.
You can find information on how to install NetIQ on your new phone in this guide: https://it.ku.dk/english/documents/MFA_-_app_registration_-_students.pdf
Having a Danish phone number is not necessary to use the SMS solution.
Regardless of whether you are a Danish or an international student, you can - if you do not receive an SMS with a one-time password when you try to log in - follow the guide Check and change phone number in Self Service.
You have to buy a USB security key yourself because UCPH can not cover the cost of a USB security key. Instead you can use one of the other free solutions available to students, UCPH recommends the NetIQ app for smartphone as the easiest and most secure alternative to the SMS solution.
You can buy a USB security key based on the FIDO2 standard online in several of the most well-stocked electronics webshops, e.g. dustinhome.dk, computersalg.dk, iphonehus.dk, amazon.com
For employees only
The SMS solution is not considered secure enough for employees, who often have access to systems and data of a sensitive nature.
You can find information on how to reinstall NetIQ on your new phone in this guide: https://it.ku.dk/english/documents/MFA_-_app_registration.pdf
Yes. Regardless of whether you use your mobile phone, tablet, private computer, KUcomputer, HEALTH/SCIENCE computer or a public computer, you will be asked to log in with multi-factor authentication unless your computer is connected to the University's network by a network cable.
-
Cisco VPN (AnyConnect)
When you have logged on to Cisco VPN with multi-factor authentication, you will not need to authenticate with multi-factor on other IT systems. -
UCPH cabled network
When you are on the cabled network you do not need to use multi-factor authentication.
However, there are exceptions for Niels Bohr Institute and Department of Chemistry – see below. -
EDUROAM
When using EDUROAM you need to use multi-factor authentication to access the UCPH IT systems. -
HEALTH/SUND VPN (Pulse Secure)
When you use HEALTH/SUND VPN you will need to use multi factor authentication to access UCPH IT systems. -
SCIENCE VPN
When you use SCIENCE VPN you will need to use multi factor authentication to access UCPH IT systems. -
Network at Department of Chemistry
As the network at Department of Chemistry is decentrally managed and not part of the same security zone as the rest of the network at UCPH, you need to login with multi-factor authentication when accessing UCPH IT systems. -
Network at Niels Bohr Institute
As the network at Niels Bohr Institute is decentrally managed and not part of the same security zone as the rest of the physical network at UCPH, multi factor authentication must be used when accessing UCPH IT systems.