https://www.uni-passau.de/en/webservice/mnav/155775/mnav.webservice
Apply Study options Academic Advice Service Course catalogue International Office Careers and Competencies Examinations Office Graduate Centre Student Services Association University Library
Deutsch
Hauptnavigation öffnen
Suche einschränken Gesamte Universität Hilfe- und Supportportal
Help & support

MFA registration and changing the method

If you have set up multiple multi-factor authentication (MFA) methods, you can choose between the available methods each time you log in.

Note: The security key and passkey methods are always displayed in pairs, even if only one of them is set up. The method that is not activated cannot therefore be used.

We basically distinguish between two groups of login methods:

Passwordless methods:

Methods with password entry:

Procedure: Switching between methods

If you log in to university services and use the Authenticator app as your second factor by default, you can switch to a different method when logging in as follows:

Bild Kennwort eingeben

On the login page, click on the option “Use your face, fingerprint, PIN, or security key instead”.

Bild Verwenden eines anderen Gerätes wählen

If you have set up Windows Hello for Business on the device you are logging in from, this method will be displayed first. Here you can choose between the methods you have set up (PIN, facial recognition, or fingerprint).

Please note: Windows Hello for Business is device-specific and must be set up separately on each of your ZIM-managed devices.

If you want to use a security key or passkey, for example, select “Use another device”.

FIDO2 Methode andere Geräte auswählen

Then select one of the following options:

  • iPhone, iPad, or Android device”: Log in with a passkey that has been set up on a third-party device, e.g., a passkey on a private smartphone in the Microsoft Authenticator app.
  • Security key”: The configured security key (YubiKey) with PIN.
  • This Windows device”: Use Windows Hello for Business to sign in with the set-up methods PIN, fingerprint, or facial recognition.

Confirm your desired sign-in method with “Next”.

If you want to go back and use a sign-in method with password entry, click “Cancel”.

If you are offered the option of logging in with a security key (e.g., YubiKey), Windows Hello for Business, or a passkey, but would prefer to log in with a password instead (password + authenticator app/SMS/call), please proceed as follows:

FIDO2 abbrechen
Auf andere Weise anmelden

In the dialog box that appears, click “Cancel” and then select the desired method under “Sign in another way”.

Mit Kennwort anmelden

You can now choose between the password entry method and the password-free methods “Face ID, fingerprint, PIN, or security key”.

Select “Use my password”.

General information on registration

Single sign-on on company devices

When you log in to your work device with your ZIM ID and MFA, you automatically receive Single Sign-On (SSO) for many services. This means that after logging in once with MFA, you can use all connected services without having to log in again.

For applications that use Microsoft SSO, the login information is not stored in each individual application, but centrally via the system login on the service device.

What does that mean in practical terms?

  • When you log out of an application (e.g., StudIP), your Microsoft SSO session remains active in the browser or on your work device. The next time you click "Login", Microsoft will automatically log you back in. You won't need to re-enter your password or MFA.
  • Closing and reopening the browser does not usually end the SSO session. As long as the device is logged in to the work device and the SSO session remains active, you will remain logged in.

This behavior is technically intentional and corresponds to the basic principle of SSO: One login is sufficient for accessing many services.

Single sign-on on personal devices

For personal devices: Single Sign-On (SSO) within a browser session.

After logging in to a service in the browser using multi-factor authentication (MFA), you will have access to other connected university services without having to log in again. On personal devices, the login with Microsoft Single Sign-On is saved in the browser as soon as an MFA login has been performed within a browser session.

So, if you only sign out of the application, your Microsoft session in the browser remains active. The next time you click "Log in", you'll be automatically logged back in—without having to enter your password or MFA again.

The SSO session is limited to the current browser session:

  • As long as the browser is open: automatic re-login.
  • When the browser is completely closed: the session ends. Therefore, after reopening the browser, login is required again, including MFA.

To end all existing sessions, you can use the "Sign out everywhere" function in the administration portal of your Microsoft account. This option ends all open sessions, apps, and browser logins for M365 services associated with your account.

1. To do this, access the overview of your Microsoft account: https://myaccount.microsoft.com/.

2. Go to the "Overview" tab and click "Log out everywhere" in the bottom left corner, then confirm the following message with "OK".

Überall abmelden
Share this page

Beim Anzeigen des Videos wird Ihre IP-Adresse an einen externen Server (Vimeo.com) gesendet.

Video anzeigen