Please note: Please ensure that you can carry out the process described below to the end without interruption.
You can only ever have one token for secure login, either a time-based one-time password (TOTP) for use in a smartphone authenticator app or a secret character string (Indexed Secret - for printing or saving as a PDF file). Regardless of this, you must always set up a recovery code so that you can log in to the Self-Service-Portal if you lose your current token. It is possible to set up a new token via the self-service portal at any time.

  1. Call up the token management page in the self-service portal (tile "ZIH-Login") or enter "ZIH-Login" in the search field of the self-service portal, click on "ZIH-Login" and "Token management (2FA)" and select "Create new token".

Token Overview
Screenshot Self-Service Portal: Menu item "Token management (2FA)"

  1. In the next step, select whether you want to generate a new token for the smartphone (TOTP) or in text form (Indexed Secret) for saving in a secure location or for printing on paper.
    If you are requesting a token for a function login, we recommend selecting "Indexed Secret" to make it easier to distribute the token.

With smartphone

  1. Install the desired Authenticator app on your smartphone.

Authenticator App
Screenshot Self-Service Portal: Selection of the authenticator app for time-based one-time password (TOTP)

  1. Select "Generate token".

  2. A QR code is displayed, which you must scan with your installed authenticator app. The token is added to the app.

QR Code TOTP
Screenshot Self-Service Portal: Display of the QR code for scanning with a smartphone and for control input

  1. A random numerical value is displayed for the token in the app. You must enter this in the "Control input" field in the Self-Service Portal. "Confirm" your entry. Note: The numerical value changes automatically after a certain period of time has elapsed.

  2. Save the displayed list of recovery codes so that you can access them at any time ("Print" on paper or as PDF file). These are required to log in to the self-service portal and to roll out a new token if yours is lost.

Recovery Codes
Screenshot Self-Service Portal: Displaying and printing the recovery codes

  1. Finish the process by clicking on "Finalize process".

Without smartphone

  1. Click on "Create Token" to create the secret string.

Indexed Secret Create
Screenshot Self-Service Portal: Start page for setting up the secret character string

  1. "Print" the string (or save it as a PDF in a secure location using your browser's print dialog) and "Confirm" the message to continue with the process.

Indexed Secret String
Screenshot Self-Service Portal: Display of the secret character string for printing or saving

  1. Save the displayed list of recovery codes so that you can access them at any time ("Print" on paper or as a PDF file). These are required to log in to the Self-Service Portal and to roll out a new token if yours is lost.

Recovery Codes
Screenshot Self-Service Portal: Displaying and printing the recovery codes
  1. Finish the process by clicking on "Finalize process".