1

Open the Token Management System and log in.

2

To continue with further steps, an application that generates verification codes is required. If you already have an app for this form of authentication, you can use the one you already have installed. If you do not have such an application, you can use Aeigs Authenticator for Android or Raivo OTP for iOS, or alternatively, a password manager like KeePassXC that supports this form of authentication.

After installation, continue with the I have a verification app button.

Open

3

Enter a description for your first verification code token, then continue with the Continue button. The description serves only as your name for the token.

Open

4

You do not have to back up the QR code or the link. You can register another authenticator application later through a new code.

Enter the verification code from the application and then click the Verify Token button.

5

If the code is correct, the token will be enrolled.
When performing the initial MFA setup, click the Continue button.​
If you are enrolling an additional token, the process is successfully completed.

6

Multi-Factor Authentication is now activated to access all services behind the ProxyIdP instance.
Confirm with the OK button.

7

When initially setting up Multi-Factor Authentication, it is also required to save backup codes. You can download them in PDF or print them out using the Download or Print buttons, respectively. After doing so, click the I have my backup codes button.

8

In this step, Multi-Factor Authentication was successfully activated. All services behind this instance of ProxyIdP will now require Multi-Factor authentication. If you are satisfied with having MFA turned on for all services, you can click the Log out button.

If you want to select which services will require MFA, click the Service Settings button and follow https://perunaai.atlassian.net/wiki/pages/resumedraft.action?draftId=213352458&draftShareId=dafbbefe-e153-4bc8-b206-86418bc3132b .