MUNI Unified Login


Instruction: How to set up multi-factor authentication

Before you start using multi-factor authentication, you need to registered at least one authentication device. The first one has to be a TOTP app, then you can register arbritrary number of TOTP apps and WebAuthn authenticators. After you add your first token, you can go to user profile and enable MFA for all services connected to MUNI Unified Login.

Add first token

1
Go to token management page: mfa.id.muni.cz

2
Sign in with MUNI Unified Login

3
Enter by clicking on Log in

4
Click on Enroll Token

5
Enter the description of your first TOTP token and confirm by clicking Enroll Token

6
You will see a QR code with a shared secret. Scan the QR code with your TOTP app.

If you are enrolling from the mobile phone that has installed a TOTP app, click on Here next to the QR code. Shared secret will be transferred via link.

You do not have to backup the QR code or the link - you can register more TOTP apps later, using a different code.

Next time you sign in at mfa.id.muni.cz you will have to use multi-factor authentication.

Add more tokens

1
Click on Enroll a new token. If you opened the page on a WebAuthn capable device, choose token type WebAuthn, enter a description (e.g. "Work laptop") and continue by clicking Enroll token.

2
A dialog widow from the web browser or from the operating system pops up, asking for confirmation.

Push the button on your physical authenticator, confirm by fingerprint when on smartphone or perform another required action depending on the device. In the picture you can see the variant for Windows 11 (USB authenticator)

3
If the registration was successful, a confirmation about added token appears.

You may add arbitrary number of TOTP apps and WebAuthn devices. We highly recommend adding at least two devices and at least one of them with TOTP app.

Recovery codes

To prevent losing access in case you lose all registered devices, it is possible to generate one-time recovery codes, which you can securely store or print out.

1
Click on Enroll token

2
As a type choose PPR and enter description

3
See recovery codes by clicking on The OTP Values box. You can also print them out or download in PDF by clicking Print the OTP list.

Multi-factor authentication for all services

If you want maximum level of security, open user profile.

Go to Settings > Authentication and toggle the Turn on multi-factor authentication for all services switch (see the picture).

You be asked to sign in again using multi-factor authentication to confirm the action. From now on, every sign in to your account will require the multi-factor authentication.

You are running an old browser version. We recommend updating your browser to its latest version.