Digital identities and authentication

Information, FAQs and Support

To access the University services, you can use different digital identities:

Additionally, for some categories of users, two-factor authentication is available:

SPiD and CIE

SPID (Sistema Pubblico di Identità Digitale)
SPID [Public System for Digital Identity] allows italian citizens to access to all Public Administration sites with a single digital identity. More info: www.spid.gov.it

CIE (Carta di Identità Elettronica)
CIE [electronic identity card] allows italian citizens to authenticate with the highest levels of security in the online services of the Public Administration. More info: www.cartaidentita.interno.gov.it

A SPID digital identity can be obtained from one of the identity providers accredited by the Agenzia per l’Italia Digitale (AgID).

More info: www.spid.gov.it/richiedi-spid

Please note: between the SPID identity provider there is InfoCert, which also supplies the digital signature services used by the Politecnico di Milano. However, there is no relationship between the SPID identity and the digital signature. The SPID identity can be requested to any of identity provider certified.

To ensure a greater level of security are accepted only digital SPID identities of Level 2, which involves the insertion of a temporary code sent to the user at the moment of the authentication.

When you first log in with SPID, you will be asked to follow an activation procedure which will allow the system to link your SPID identity to a University account, if you already have one.

If you have no University account, the SPID credential activation procedure will require some additional information to complete the registration in the University database.

University credentials (person code and password) will remain valid and usefull to access some services.

The legislation provides that citizens with Italian citizenship only must use SPID or CIE to access the online services of the public administration. This means that students with Italian citizenship only, or other Italian users without an employment relationship with the Politecnico, must use this authentication method.

If your user profile requires the use of SPID / CIE, the following scenarios may arise:

You are already registered in the University registry:

  • if you have enabled 2FA authentication via SPID / CIE you can disable it (see How to disable it)
  • if you do not have 2FA authentication enabled via SPID / CIE, you can log in with your Polimi credentials and declare that it is impossible to use SPID / CIE. You will be offered the activation of 2FA Polimi

If you are not already registered in the University registry, use the Register link to obtain the Polimi credentials. At the first access you will be asked to activate two-factor authentication, you will be able to declare the inability to use SPID / CIE and activate the 2FA Polimi:

Yes, you can enter with any SPID identity in your possession, even if you have already activated 2FA SPID / CIE

Yes, it is possible to associate different SPID identities to your Polimi identity. Select the operator from those available and access the services.

At the moment it is not possible to independently delete an association previously made between a SPID/CIE identity and the Polimi one. Even if that identity has been disabled.

Some services will still be available only through the use of the Personal Code and Password credentials.
These services are:

  • configuration of the permanent wi-fi/wired connection through credentials (TTLS)
  • internet access from computerized classrooms
  • download from the software portal
  • centrally managed workstation
  • Remote desktop
  • Virtual desktop
  • access to the computerized classrooms of Milan Leonardo, Milan Bovisa and Lecco

For questions related to two-factor authentication via SPID / CIE see: Two-factor authentication 2FA (SPID, CIE and Polimi)

Polimi credentials

By registering in the University registry, also via SPID / CIE or Edugain, you will get your person code and you can set the relative password. These credentials constitute the Polimi identity.

The Politecnico often target of attacks aimed at stealing the credentials of its users. Your cooperation is vital in fending off such attacks:

  • Enable two-factor authentication
  • Change your password regularly
  • Do not share it with third parties and never reveal it to any other website than those of the University
  • Do not follow links present in emails that require you to verify your credentials; the University will never send you such a request, therefore such emails are fraudulent
  • Notify us of any security problems by writing to
    sicurezza-ict-ASICT@polimi.it
  • If you believe you may have accidently revealed your credentials change your password and contact us immediately

You can change your password using the link available in the Authentication widget on the University Online Services.

There are two options:

  • if you have provided your personal email address for password recovery, you can do it yourself by following the link on the University authentication page
  • you can enter the Online Services using a SPID or CIE identity and reset it using the link available in the authentication widget

If none of the above options work, ask for assistance.

The password linked to the Person Code expires periodically, you will have to reset it. Some configurations based on the use of this data will stop working until you update the password in that context as well. (e.g. permanent connection to the network without certificate)

Some services will still be available only through the use of the Personal Code and Password credentials.
These services are:

  • configuration of the permanent wi-fi/wired connection through credentials (TTLS)
  • internet access from computerized classrooms
  • download from the software portal
  • centrally managed workstation
  • Remote desktop
  • Virtual desktop
  • access to the computerized classrooms of Milan Leonardo, Milan Bovisa and Lecco

EduGAIN

Global inter-federation service interconnecting more than 50 federations worldwide. Among these federations is IDEM (Italian Federation of Universities and Research Institutions for Authentication and Authorisation) to which the Politecnico belongs.

More info: eduGAIN  IDEM

The first time you log in, you will be asked to follow an activation procedure which will allow the system to associate your eduGAIN digital identity with the corresponding University digital identity, where available.

If this is not present, i.e. you have never registered at the Politecnico, the eduGAIN credentials activation procedure will ask you for some additional information in order to complete the registration.

Your Polimi credentials (Person Code and password) will still be assigned to you and will remain useful for accessing certain services (see list at the bottom of the page).

At the moment it is not possible to independently delete an association previously made between a Edugain identity and the Polimi one. Even if that identity has been disabled.

Polimi users can in turn use eduGAIN access provided by other federated bodies.

In order to authenticate to the Online Services of these organisations, you will need to select eduGAIN access and IDEM federation. You will be directed to the University’s authentication screen where you can proceed with your usual authentication procedure.

Some services will still be available only through the use of the Personal Code and Password credentials.
These services are:

  • configuration of the permanent wi-fi/wired connection through credentials (TTLS)
  • internet access from computerized classrooms
  • download from the software portal
  • centrally managed workstation
  • Remote desktop
  • Virtual desktop
  • access to the computerized classrooms of Milan Leonardo, Milan Bovisa and Lecco

Two-factor authentication 2FA

Two-factor authentication inhibits the use of university credentials only for access to services. Depending on your user profile, you can activate two-factor authentication via SPID, CIE or via the Polimi procedure, based on the generation of OTPs via APP.

Deactivating 2FA allows you to return to temporarily access the Online Services with only Polimi credentials.

You can disable 2FA using the Manage 2FA link available in the Authentication widget on Online Services.

If you cannot use the second factor to access the Online Services, use the “Emergency Deactivation” link on the authentication mask. You will be asked to enter your Polimi credentials and then you can choose between these three deactivation options:

  • Emergency key: it is provided to you at the end of the activation of the second factor (also as a pdf to download). If you lose it, you can generate a new one via the Manage 2FA link.
  • OTP via SMS: it is based on sending an SMS to your mobile phone. You can enable this option after 2FA activation is complete or at any other time via the Manage 2FA link.
  • OTP via email: if you have provided your personal email address, you can receive an OTP on this address which is useful for deactivating 2FA. You can enable this option at any time via the Manage email link also available in the Authentication widget.

To use the emergency deactivation methods, use the Assistance link on the University authentication mask.

The deactivation can only be temporary, after 72 hours you will be obliged to reactivate the second factor.

Yes, it is possible to configure the App to generate the OTP on different devices, to do this you need to use the qrcode or, alternatively, the activation code. At the end of the activation procedure of the second factor via the app, you are given the opportunity to download a pdf containing the emergency deactivation key and the code / qrcode for the configuration.

Yes, the person code and password continue to be useful, both for accessing some services and for disabling 2FA in an emergency.

Once you have activated two-factor authentication via SPID / CIE, you can access the Services with SPID or CIE, indifferently. You will also be able to enter with any SPID identity in your possession.

If your user profile requires you to use SPID / CIE, you can access the Online Services with Polimi credentials and declare the impossibility of using SPID / CIE. You will be asked to temporarily activate Polimi two-factor authentication via APP.

Two-factor authentication also covers the university email service. Following the activation of the second factor it may be necessary to repeat the configuration of some mail programs. For configuration information: www.ict.polimi.it/email

Some services will still be available only through the use of the Personal Code and Password credentials.
These services are:

  • configuration of the permanent wi-fi/wired connection through credentials (TTLS)
  • internet access from computerized classrooms
  • download from the software portal
  • centrally managed workstation
  • Remote desktop
  • Virtual desktop
  • access to the computerized classrooms of Milan Leonardo, Milan Bovisa and Lecco

Once this mode is activated, to access the Online Services you will need to enter, in addition to your Polimi credentials, a One Time Password (OTP) created by an app installed on your mobile device.

Below is a list of selected APPs.

  • Android e iOS: Google Authenticator (recommended), Vip Access, FreeOTP Authenticator
  • Windows (Phone and 10 Mobile): Microsoft Authenticator (recommended), Authenticator G, OTP Manager.

By activating two-factor authentication in this mode, to access the Online Services you will have to:

  1. use the Polimi credentials or enter with eduGAIN using the credentials issued by federated bodies
  2. enter a One Time Password (OTP) obtained via APP

This authentication method is intended for people with at least one foreign citizenship and for Polimi personnel.

This authentication method is mandatory for people with Italian citizenship only and optional for foreign citizens in possession of one of these identities.