Account and password information
The IT services of the university can be used free of charge for teaching, research and study. However, a user permit and account with the corresponding access data is required.
The access data may not be passed on to third parties and the services may only be used by you personally (for exceptions see Disclosure of user data). By using the services, you accept the usage and operating regulations of the central IT service (ZID).
Content
- Accounts for employees and external lecturers
- Accounts for students
- Password
- Two-factor authentication
- Single Sign On (SSO)
- FAQs
- I have forgotten my password, what to do?
- I have problems with my password.
- How can I change my password?
- I cannot access my second factor.
- I lost my cell phone with the authenticator app.
- I have set up the Windows Hello PIN on my device and now I cannot add a security token.
- We have a shared account. What do we need to consider when setting up a second factor?
- I don't want to or cannot install the Authenticator app.
Accounts for employees and external lecturers
For employees who are part of the permanent staff, a personal user permit for an account is requested as part of the staffing procedure. No separate application needs to be submitted.
For all other purposes, you may complete and submit application forms online (authorized personnel only).
Requests for use can be submitted for the following group of persons:
- Employees of the University of Innsbruck
- External lecturers
- External lecturers who only use the learning management system OpenOlat
A fee is charged if a university institution uses services of the ZID for paid assignments.
External institutions, which are not university organizational units, but are strongly connected with the university, can also use services of the ZID under certain conditions. The heads of these institutions should contact the head of the ZID (Tel. 0512 507-23003).
Employees who are already actively studying will receive an employee account as their primary account. This primary account is to be used for all services. The student account (CXXXNNN) remains active as a secondary account as long as the employee is activly studying.
Upon termination of employment, the student account will be reactivated for LFU:online. If this does not happen automatically, please contact zid-benutzerverwaltung@uibk.ac.at.
Function accounts
In some cases, permits are not directly linked to a person's personal account, but separate function accounts are created. These accounts are created for one single function to separate them from personal accounts. However, the person making the permit request is responsible for the function account.
If necessary, function accounts can be used by more than one person. The person responsible for the function account should change the password regularly (at the latest when a person should no longer have access).
For information on two-factor authentication for shared function accounts, see the FAQs.
For shared mailboxes it is not necessary to share access data. Use the sharing function of our mail system for this purpose.
Delivery of user permit
The user permit for the account will be delivered to the institute or to your private address. If you have not received a user permit, please contact zid-benutzerverwaltung@uibk.ac.at.
The access data for function accounts are sent to the personal mail address from the university.
Expiry of user permit
As a rule, personal user permits are valid until the end of the person's employment, function-related user permits (for function accounts) are valid for two years from the date of permit.
In order to simplify the administration and to provide the heads of the organizational units with a more precise overview, the ZID sends out a collective application once a year. All valid function accounts are recorded on the collective application and transmitted to the ZID for further renewal or deregistration.
If a user permit is provided for deregistration, the ZID gives the affected users a two-month period to secure private data. In order to inform the users about the imminent termination of the permit, the ZID sends two expiration warnings via e-mail before expiration.
If a user permit expires, the associated account will be blocked. After the account has been blocked, the data (e-mails, documents) will remain for one year, after which they will be deleted.
Rules for expiration of accounts after termination of employment
Employees will receive a notification via email one month after the termination of the employment, stating the exact date of user permit expiration for the account. The deadline is six months for permanent staff and adjunct faculty. It is not possible to extend the user permit for the account beyond the stated date.
Emeritus university professors and retired academic staff may continue to use the personal account and apply for an extension after five years in each case.
For personal accounts, an automatic reply email will be sent for one year from the date of suspension. Staff members have the option of entering a reference to an alternative mail address there. This can either be another personal email address or a reference to an institute address.
In the information mail about the expiration of the user permit and account blocking, a link for activating this function is provided. The link is also given on LFU:online. This link is only available in the period between the sending of the first expiration warning and the blocking of the account. The activation of the automatic reply will take place only when the account is blocked.
In case of a new employment, the user permit can be extended either by means of the entry workflow or by means of the application form. The account can then be unlocked.
If the employment takes place within the expiration period, a corresponding notification for the extension of the user permit is usually sent, a separate application is then not necessary.
Accounts for students
Students receive the user permit for the IT services of the ZID, and thus an active account, together with the admission data. The user name, the initial password and the official mail address (e.g. Vorname.Nachname@student.uibk.ac.at) can be found in the permit.
If you have any questions or problems with the account, please contact zid-benutzerverwaltung@uibk.ac.at.
Communication from university institutions
Important personal messages from the university (e.g. appointments, notifications of exam results, etc.) will be sent to your mail address (for example Vorname.Nachname@student.uibk.ac.at). You can read the mails via webmail for students, in a mail client or in the university app.
Expiry of user permit
The user permit expires at the end of the admission to studies (formerly: exmatriculation) and the account is blocked. Admission to studies expires if no continuation notification (formerly: enrollment) is made.
After the end of the admission period (October 31 for the winter semester or March 31 for the summer semester, plus a processing period of one to two months), a check is made to determine which students are no longer admitted. Students who are no longer admitted will receive an expiration warning by e-mail to the university e-mail address at least 10 days before expiration with the exact expiration date. On this date, the account will be automatically blocked, an extension beyond this date is not possible.
Access to LFU:online remains active even after the account has been blocked. You can still log in with your ID and the corresponding password and retrieve your examination data, etc.
If you are admitted to the program again, the account will be reactivated in the course of the admission procedure in the Admissions Office. In this case, the ID, initial password and e-mail address remain unchanged. The password will be reset to the original initial password during reactivation. If this automatic reactivation has not taken place, please contact zid-benutzerverwaltung@uibk.ac.at.
Further information:
Password
If you wish to change your password, log in to the University's Account Portal and follow the steps provided there.
The password is used to authenticate users on the university's systems. It is permanently assigned to your ID. You can find it in the user permit sent to you (for members of the institute) or you received it with your admission documents when you were admitted to the study program (for students).
The password is valid for the services offered by the ZID. A few examples:
- PC registration
- VIS:online
- LFU:online
- OpenOlat
Secure handling of passwords
Your password protects your access to IT services of the ZID. A suitable password protects your account from being misused by others. You are responsible for actions taken from your account, even if someone else has misused your access data.
Choosing a suitable password
You will receive an initial password from ZID. Change this as soon as possible and replace it with a suitable password of your own.
Please note the following requirements for a suitable password
- The password must have at least eight characters; umlauts (ä, ö, and ü) must not be used.
- It must contain at least one uppercase letter, ideally not at the beginning of the password
- It must contain at least one digit
- We also recommend the use of special characters; suitable are dot, comma, semicolon, question mark, exclamation mark, minus, underscore; special characters must not be used at the beginning of the password.
A simple method to create a secure password: think of a sentence and construct the password from it. An example is the sentence "This is a secure password, right?".
This results in the following password:
Ti1sPw,r?
The password becomes even more secure if you change the case of singular letters or take several letters from one word (without making it difficult for you to remember), for example:
Tis1siPW,r?
Password safekeeping
Ideally, choose a password that you can remember and don't have to write down. If you are unsure if you can remember the password, write it down, but store it in a way that is not accessible to anyone else. A common mistake is to have the password written down on a piece of paper that is attached on the computer, monitor or under the keyboard. So-called password managers are helpful with the secure handling of passwords.
A platform-independent, free password manager is KeePassXC.
Administrator password
Note that there is also an "Administrator" user on your PC. A secure password must also be selected for this user. If you have questions about this or problems with your administrator user, please contact the technical support of your institute.
Entering the password
Make sure no one is watching you when you enter your password. If you are unsure whether someone has seen the password, set a new one immediately.
Disclosure of user data
The password of a personal account may only be known to the owner of the ID in order to avoid misuse.
Passing on the password to third parties violates the ZID's user regulations.
Function-related user authorizations are an exception. You can find more information about this under Function accounts.
External private accounts
Nowadays there are many web services for which you need an account.
For these web services you should in any case use a different password than for the services of the ZID: This password is transmitted over unknown and thus potentially untrusted networks. If possible, you should use a separate password for each of these services.
Modern browsers also offer the possibility to save the passwords for you, so you don't have to remember them. However, the passwords are now stored under your account in the browser profile. If someone gains access to your account, it is easy to learn these passwords. Therefore, if you use this feature of the web browser, you should pay special attention to the security of your account and assign a master password for the browser password safe.
A platform-independent, free password manager is KeePassXC.
More links on the topic
- "Have I been pwned?" Email - Check if your email or phone has been affected by a data breach.
- "Have I been pwned?" Passwords - Check if your password has been exposed in a data breach.
- Firefox Monitor - Check if your personal data has been compromised.
Two-factor authentication
With two-factor authentication, a second factor in the form of a number or a security token is requested in addition to the usual password when logging in. Only if both factors are entered correctly, the login can be performed successfully. The combination of a password (something you know) and a second factor (something you own) therefore provides better protection against unauthorized access to the account.
There are two possible methods for authentication with a second factor. For the first method, one needs an authenticator app on a cell phone. After entering the password when logging in, you have to open the app and type in a number (one-time password). The second method requires either a security token (in the form of a USB stick) or a security chip built into the computer or cell phone.
The ZID recommends setting up both procedures. If one second factor is lost, this still gives you the option of logging in with another second factor.
Once you have set up one or more second factors, you can use them to log in to university services in the future. You do NOT have to set up a second factor before each login.
Getting started - How do I set up two-factor authentication?
To set up a second factor for logging into university services, the first thing you need to do is set up an authenticator app and/or a security chip or security token. Then, in a second step, these must then be connected to your Uni account via the Account Portal.
Open the Account Portal and follow the instructions there to start directly.
Authenticator App - Android and iOS
An authenticator app generates one-time passwords that you must enter as a second factor after logging in with your password. The method used at the university is called TOTP, which stands for time-based one-time password.
If you use multiple accounts (see function accounts), you can use the same authenticator app for all of them. You just need to link the authenticator app to the corresponding account in the Account Portal.
- Open the Play Store (app store) on your cell phone.
- Search for privacyIDEA Authenticator (NetKnights GmbH).
- Install the app and follow the steps provided.
- Access the Account Portal and follow the steps there to set up the app.
The setup process for the privacyIDEA app is described in detail below.
- Install the app and open it.
- Tap the right arrow to view the quick infos.
- Then tap on the green check mark.
- Open the university's Account Portal on your PC or laptop.
- Click Login and enter your username and password here.
- In the Two-Factor Authentication (2FA) field, click Enable.
- On your cell phone, tap on the blue circle in the middle. (You may still need to allow the app to take pictures and videos here).
- Point your cell phone camera at the QR code on the PC screen to scan it.
- On the PC, then enter the generated one-time password (6 digits) that is displayed on the cell phone and confirm with Verify.
- The authenticator app is now fully set up and connected to your university account.
Security chip
It is also possible to query the second factor via a security chip built into the computer or cell phone. This method is more practical and faster than using an authenticator app, but it is not as flexible because it is linked to a device. For example, on Windows the security chip is enabled with the setup of Windows Hello PIN. One can then use this security chip with a PIN as a second factor.
Please note: if you activate the security chip as a second factor on the device at your workplace, you cannot use it to log in to your device at home, as this second factor is tied to the device at your workplace. Please use an authenticator app or a security token in addition.
Windows Hello PIN
To use the security chip as a second factor on Windows devices you need to set up the Windows Hello PIN.
- Type in the Windows search box Sign-in options and open it. If you do not find a search box, do the following:
- Click on Start (window symbol) and then on Settings (gear symbol)
- Click on Accounts and then left in the menu on Sign-in options
- Click on Windows Hello PIN and then on Set up.
- Confirm your identity with your password.
- Set up the PIN.
- The next time you start or unlock your PC you will be asked for this PIN instead of the password.
- Attention: this PIN is only valid for the device on which you have set it up. If you want to set up a PIN on another device as well, please follow the procedure required for the corresponding operating system.
- Call up the Account Portal and follow the steps there for setting up a security token. Under Security token description, enter a name to identify the token.
Security chip - macOS
Currently, this variant only works with Safari on macOS. Chrome and Firefox are not supported.
- If you don't have an Apple ID yet, set it up on your Apple device. You can find out how to do this in the macOS user manual.
- Open the Account Portal on your Apple device and follow the steps to set up a security token.
Security chip - GNU/Linux
GNU/Linux currently lacks an implementation of a FIDO2 platform authenticator, so the TPM chips built into common hardware cannot be used as a second factor. As a result, you can currently only use an authenticator app (TOTP) or a FIDO2 roaming authenticator (e.g. dedicated security token) under GNU/Linux.
Security token
A security token is special hardware that can be used as a second factor. Please make sure that the product supports the FIDO2 standard. At ZID, successful tests have been made with the NitroKey FIDO2 and the Security Key product line from Yubico. The security token connects to a USB input on your device and typically has an actuation mechanism, such as touching a contact surface.
If you use multiple accounts (see function accounts), you can use the same security token for all of them. You just need to link the security token to the corresponding account in the Account Portal.
You should always have the security token with you, and attach it to your keychain, for example.
Access the Account Portal and follow the steps there to set up a Security Token.
Please note: if you have already set up the Windows Hello PIN on your device, you will need to cancel its entry to set up the security token.
Set up another second factor
- Open the Account Portal and click Manage two-factor authentication (2FA).
- Click New token and follow the steps given there. Here you have the choice between Authenticator App, Security Chip and Security Token.
Single Sign On (SSO)
SSO enables the use of various web applications of the University of Innsbruck and other providers via the Austrian academic federation ACOnet Identity Federation, as well as the global academic federation eduGAIN after a single sign on.
Once you have logged in, you can use all services on the same device in the same browser without having to log in again (the exception here is the Account Portal). The system does not require you to log in again until after 8 hours.
Login and Logout
When logging in, you enter your identifier and password that you received from the university and, if necessary, a mandatory factor.
To make sure that you are logged out from all websites using WebSSO of the University of Innsbruck, please close your browser.
Log in with another account
If you want to log in with another account (e.g. function accounts), you have the following options:
- use the private mode of your web browser (Mozilla Firefox; Google Chrome; Microsoft Edge; Internet Explorer).
- use Multi-Account Containers for Firefox.
- disable automatic Windows Desktop login in the login settings.
Log in on foreign devices
Please enter your credentials only on trusted devices!
If you log in on a foreign device, we recommend using the private mode of your web browser (Mozilla Firefox; Google Chrome; Microsoft Edge; Internet Explorer). Close the browser windows to log out.
Windows Login (Integrated Windows Authentication)
This method allows you to automatically log in to WebSSO as soon as you are logged in to your Windows workstation PC.
If you always want to be logged in automatically, select the "Always use Windows Login" option. You can change this option via your settings.
This method works for PCs that are logged in to the Windows domain of the University of Innsbruck.
Furthermore, your web browser must be configured for Windows Login of the University of Innsbruck. This is the case by default for workstation PCs for Microsoft Internet Explorer as well as Google Chrome. For Mozilla Firefox the WebSSO server (idp.uibk.ac.at) must be entered:
- Enter about:config in the address bar.
- On the configuration page, search for negotiate.
- You should now see the option network.negotiate-auth.trusted-uris. Click on it. A dialog will open. Enter idp.uibk.ac.at here and confirm.
FAQs
I have forgotten my password, what to do?
First of all, please make sure that you have entered the ID and password correctly and that the Caps Lock is deactivated.
Please contact the ZID Service Desk. For security reasons, you will be asked to confirm your identity. Therefore, please have a document ready that verifies your identity.
I have problems with my password.
If you are able to log in to some services (e.g. web mail) but not others (e.g. LSA, VPN access, wiki login, etc.), you can synchronize your password in the Account Portal.
You can also change your password via the account portal.
How can I change my password?
You can change your password via the account portal.
In addition to your user ID and the old access password, the new password must be entered twice. We recommend to use upper and lower case in the password and at least one digit or special character (see also Choosing a suitable password).
If you use network drives (e.g. the home directory I:, in general: network file systems), you must log out of your computer and log in again after changing the password.
I cannot access my Second Factor.
If you cannot locate your Second Factor, you should contact the ZID Service Desk immediately.
To ensure that you retain access to your account and resources even if you lose or forget your current device, we strongly recommend setting up additional factors. By having multiple second factors, you minimize the risk of access issues and ensure reliable and flexible authentication.
Please note that when setting up additional security tokens, you should ensure that they support the FIDO2 standard to ensure the highest possible security. Contact the ZID Service Desk if you have any questions or need assistance.
I lost my cell phone with the Authenticator app.
It is important to report the loss or absence of the Second Factor immediately to minimize potential security risks and restore access to your digital services. Do not hesitate to contact the ZID Service Desk for assistance.
I have set up the Windows Hello PIN on my device and now I cannot add a security key.
If you have set up the Windows Hello PIN on your device and are now having trouble adding a security key, please follow the steps below:
- If the Windows Hello PIN setup started before you could add a security key, cancel the setup.
- After canceling the Windows Hello PIN setup, you can now add a security key.
We have a shared function account. What do we need to consider when setting up a second factor?
Please note that account sharing is only allowed for function accounts. See also Disclosure of user data.
We recommend generating separate 2FA tokens for the function account for each person with access rights. Ideally, the tokens are created together in a personal appointment. The person responsible for the account logs on to a device in the account portal with the user data of the function account. All persons involved can then create a second factor there with their own Authenticator app or their own security token. To be able to assign the factors better, it is recommended to note the name of the associated person in the token description. Each person can then log in to the function account in the future with the user data of the function account + their own second factor.
I don't want to or can't install the Authenticator app.
You don't have to install the app we recommend. You can also use another app that supports the TOTP standard.
For Android devices, we have had good experiences with Aegis, for example. On iOS, the operating system's password manager also supports TOTP and can therefore be used. We ask for your understanding that the Service Desk can only provide support in case of problems with the app we recommend.
To generate the login codes, the app does not need any permissions (Internet access, address book access, access to files on the device, ...), apart from camera access to scan the QR code. A critical look at the permissions desired by the respective can help in choosing a trustworthy app.
During setup, only a so-called secret is exchanged via the QR code. An authenticator app can use this secret and an algorithm to generate one-time passwords. Thus, no personal or sensitive data is exchanged.
Service Desk / Service-Hotline
(0512) 507-23999 (Montag - Freitag, 08.00 bis 16.00 Uhr)
E-Mail: ZID-Service@uibk.ac.at