If a computer is used by several people, it is essential that each user has their own local user account.
No MFA login may be set up with a technical account.
Important notes:
To be able to set up the passkey, a Codematrix must first be set up.
If you have activated MFA, you must use it on all devices to log in. We recommend carrying out the setup on all devices and setting it up on at least 2 devices, as this means you do not have to use the code matrix to set it up again if a device is defective.
Set up Windows Hello
First check whether the business or school account of the University of Bamberg is available in the account settings. Navigate to the Windows settings of your device. There you will find the menu item Accounts - Access work or school account. If it is not available, you do not need to do anything here. If it is available, click on it and then on Disconnect.
Figure 1: Disconnecting from the Microsoft account in the settings
Please note!
If you have already set up the Windows Hello pin or fingerprint on your computer, you can continue with Rolling out passkey.
Navigate to the login information in the Windows settings under Accounts. First activate the Windows Hello PIN in the login options. Restart the laptop after setup to check the new login option.
Abbildung 2: Windows Hello Pin Option
Notes:
The Windows Hello PIN should not contain any content from your password for the BA number or from the BA number.
The Windows Hello PIN must be set up, without it the setup cannot be completed. It also serves as an alternative login method in the event that fingerprint recognition does not work.
Note on tower computers!
If you are using a stand-alone computer or tower computer, you can only set up the Windows Hello PIN as a login option. You can continue directly with Roll out passkey.
Attention!
If you have forgotten the Windows Hello pin, you must first remove it and set everything up again as described in the instructions in the section Setting up Windows Hello.
Now select a login option (Hello fingerprint recognition is recommended) to add it.
After setup, restart the computer to check the new login option.
Figure 3: Windows Hello fingerprint option
On laptops with a fingerprint option, the corresponding button can be found either near the touchpad or directly on the device's on/off button.
Figure 4: Fingerprint option
Figure 5: Fingerprint option
Figure 6: Fingerprint option
Roll out passkey
Please note!
If you are already logged in to the IAM portal, follow the instructions.
If you want to set up Passkey on another end device, first log in to the IAM portal on the end device on which you have already rolled up Passkey. Create the registration code. And follow the instructions in the section Create Passkey on the new end device.
Create registration code
To roll out the passkey, open the web application IAM-Portal - Create registration code.
Figure 7: Create registration code in the IAM portal Menu
Your registration code will be displayed there. Please copy it and note that the code is only valid for 30 minutes.
Figure 8: Generate registration code in the IAM portal menu
The code matrix and the registration code should be displayed for selection as a registration option.
Please enter the previously copied registration code in the field provided on the Getpasskey page and click on “Check”.
Figure 9: Logging in to Passkey's Uni-Bamberg through Shibboleth
Select the menu item Roll out token.
As you have to roll out a passkey for each device, it is advisable to define a description accordingly. Therefore, assign a corresponding name under Description, such as “Laptop login”. Confirm this with Roll out token.
Figure 10: Describing the token name and rolling out the token
The temporary pop-up message “getpasskey.iam.uni-bamberg.de requests extended information...” will then be displayed. Please select the “Allow” option promptly. Otherwise the token will be deactivated and deleted.
Figure 11: Confirmation of the token roll-out notification
If the passkey has been successfully stored, you will receive the message The token has been rolled out in the next window.
Select Activate in the menu and click on Apply. The Passkey login has been activated notification is displayed as confirmation.
To deactivate the passkey login, select Deactivate in the menu and then Apply.
Figure 12: Activate passkey login in the IAM portal
Manage passkey
Passkeys are managed via the IAM portal (iam.uni-bamberg.de). You can deactivate or delete your passkeys under the menu item Manage Passkeys. Please note that the corresponding passkey must be deleted immediately if the device is lost or stolen.
Figure 13: Managing passkeys in the IAM portal
Emergency registration with the code matrix
Please only use Codematrix in an emergency and if you are sure that the passkey login is not available. Follow the steps on the Codematrix information page. There you will find the link to the detailed instructions.
