Set up MFA via KeePassXC as an alternative application

Attention:

  • If a computer is used by several people, it is essential that each user has their own local user account.
  • No MFA login may be set up with a technical account.

Important notice:

  • KeePassXC is offered as an alternative to standard keychain applications in the following cases:
    • On Windows: if the information on the TPM (Trusted Platform Module) shows a specification version earlier than 2.0, please follow these instructions so that you can use KeePassXC as an alternative application. Information on the specification version can be found here.
  • To set up the passkey, install KeePassXC and the KeePassXC extension for your browser (e.g. Firefox, Chrome, Edge).
  • To be able to set up the passkey, a code matrix must first be set up.
  • If you have activated MFA, you must use it on all devices to log in. We recommend carrying out the setup on all devices and setting up at least 2 devices, because the code matrix then does not have to be used for a new setup if a device is defective.
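
The TPM condition above can be checked from an elevated PowerShell session. The following is an added example, not part of the original instructions: the function names are hypothetical, the sample strings are constructed, and it assumes the standard Win32_Tpm WMI class, whose SpecVersion string begins with the specification version.

```powershell
# Added example (not from the original instructions); function names are hypothetical.
# Run in an elevated PowerShell session: Win32_Tpm is not readable otherwise.

function ConvertTo-TpmSpecVersion {
    # Takes a SpecVersion string such as "2.0, 0, 1.59" (constructed sample)
    # and returns the specification version as [version], or $null.
    param([string]$SpecVersion)
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return $null }
    $first  = ($SpecVersion -split ',')[0].Trim()   # first field = spec version
    $parsed = $null
    if ([version]::TryParse($first, [ref]$parsed)) { return $parsed }
    return $null                                     # e.g. "Not Supported"
}

function Get-TpmMfaRoute {
    # Maps a SpecVersion string to the case distinction made on this page.
    param([string]$SpecVersion)
    $v = ConvertTo-TpmSpecVersion -SpecVersion $SpecVersion
    if ($null -eq $v) {
        return 'TPM version unknown: check the TPM information manually'
    }
    if ($v -lt [version]'2.0') {
        return "TPM $v is earlier than 2.0: use KeePassXC as described here"
    }
    return "TPM $v is 2.0 or later: the TPM condition for KeePassXC does not apply"
}

# Query the local TPM; the result is $null without a TPM or without elevation.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
if ($null -eq $tpm) {
    'No TPM reported (or session not elevated)'
} else {
    Get-TpmMfaRoute -SpecVersion $tpm.SpecVersion
}

# Parser check on constructed sample strings
'2.0, 0, 1.59', '1.2, 2, 3', 'Not Supported' | ForEach-Object {
    '{0,-16} -> {1}' -f $_, (Get-TpmMfaRoute -SpecVersion $_)
}
```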

Install KeePassXC for the desktop

For installation on service devices with a Windows operating system, you will find KeePassXC as a standard installation in the Software Center.

Otherwise you will find the installation under the following link: KeePassXC for Windows. Here you can download the file using the green Download for Windows button. Under See more options you will find the download files for older Windows versions.

 

The next step is to create a new database in the program.

In the installed KeePassXC desktop version, open the menu. There you can access New database via the Database option. Enter the desired database name here and click Next. Then click through the next steps by confirming with Next.

Now create a password that is rated as at least good or secure and confirm with Done. Finally, save the new database to a location of your choice. On computers that are managed centrally by the IT service, save it e.g. on the personal network drive.

Next, open the Tools option in the menu. Then go to Browser integration via Settings and then to Activate browser integration. Now select the browser that you want to use (we recommend Google Chrome) and activate the following options in the General tab:

  • Request to unlock the database if it is locked
  • Compare URL scheme

Select the following points in the Advanced tab:

  • Also return advanced string fields beginning with “KPH: ”
  • Allow use of localhost with passkeys
  • Update native messaging manifest at startup

Finally, confirm with OK.

Leave KeePassXC open; do not close it!

 

Activate KeePassXC browser extension

In the next step, activate the web browser extensions.

You will find three bars in the top right-hand corner of the web browser. Open this menu and select the Extensions option. Then open Manage extensions so that the KeePassXC-Browser option appears. Add it to the web browser via Add and confirm in the window that opens with Add extension.

 

KeePassXC is now displayed under the extensions. Please click on the 3 dots on the right-hand side and then on Settings in the menu that appears.

In the settings, scroll down to the Passkey section. Here, check both Enable passkeys and Enable passkeys fallback.

Next, click on the puzzle icon (Extensions) in the top right corner and then on KeePassXC-Browser. In the new dialog window, click on Connect.

Roll out passkey

Please note!

  • If you are already logged in to the IAM portal, follow the instructions.
  • If you want to set up a passkey on another end device, first log in to the IAM portal on the end device on which you have already rolled out the passkey. Create the registration code there, then follow the instructions in the section Create passkey on the new end device.

Create registration code

To roll out the passkey, open the web application IAM-Portal - Create registration code.

Your registration code will be displayed here. Please copy it and note that the code is only valid for 30 minutes.

Create passkey

Then follow the link to roll out the passkey: https://getpasskey.iam.uni-bamberg.de.

The code matrix and the registration code should be displayed as the registration options to choose from.

Copy the registration code from the IAM-Portal, enter it in the field on Getpasskey and click on Verify.

Select the menu item Roll out token.

As you have to roll out a passkey for each device, it is advisable to define a description.

Therefore, assign an appropriate name under Description, such as “Windows login”. Confirm this with Roll out token.

The temporary pop-up message “getpasskey.iam.uni-bamberg.de requests extended information...” will then be displayed. Please select the “Allow” option promptly. Otherwise the token will be deactivated and deleted.

The last step is to activate the passkey in the IAM portal under the following link: https://idp.iam.uni-bamberg.de/passkey/

Select Activate in the menu and click on Apply. The notification “Passkey login has been activated” is displayed as confirmation.

To deactivate the passkey login, select Deactivate in the menu and then Apply.

Login with passkey in the web browser

Please make sure that you first use your BA number and password when logging in using the Firefox web browser.

Then confirm the process in KeePassXC by clicking the Authorization button.

Manage passkey

Passkeys are managed via the IAM-Portal (iam.uni-bamberg.de). You can deactivate or delete your passkeys under the menu item Manage Passkeys. Please note that the corresponding passkey must be deleted immediately if the device is lost or stolen.

Emergency registration with code matrix

Please only use the code matrix in an emergency and if you are sure that the passkey login is not available. Follow the steps on the Codematrix information page. You will find detailed instructions there.

Do you have any further questions?

IT-Support
Telephone: +49 951 863-1333
E-Mail: it-support(at)uni-bamberg.de