Digital identities and authentication

Information, FAQs and support

Two factor authentication (2FA)

Depending on your university status and citizenship, you can activate the two-factor authentication (2FA) using different options.

Depending on your university status and citizenship, you can activate the two-factor authentication (2FA) using different options.

    • Students, prospective students, candidates and visitors with Italian citizenship: 2FA SPID/CIE/eIDAS
      By law, it is mandatory to access the Online Services of the public administration using SPID or CIE identities. During registration you will be assigned Polimi Credentials which will be useful for accessing various university services and for temporarily accessing Online Services if you are unable to use SPID or CIE.
    • Students, prospective students and candidates, visitors with foreign citizenship.: 2FA Polimi (recommended) or 2FA SPID/CIE/eIDAS
    • Staff and PhD: 2FA Polimi (recommended) or 2FA SPID/CIE/eIDAS.

What it is

Activating this type of 2FA means that the Polimi credentials (or the eduGAIN federated credentials) are made more secure by entering an OTP (one-time password) required after login.

Once you have activated Polimi 2FA you will be able to access the online services using the method you prefer and available to you:

  • Polimi credentials followed by OTP
  • eduGAIN followed by OTP (only people from other universities)
  • SPID or CIE
  • eIDAS

Polimi 2FA can be activated in two ways: via App and via SMS.

Activation via App

To activate Polimi 2FA via App, you must have a smartphone and have one of these Apps for generating OTPs installed:

  • Android and iOS: Google Authenticator (recommended), Vip Access, FreeOTP Authenticator
  • Windows (Phone e 10 Mobile): Microsoft Authenticator (recommended), Authenticator G, OTP Manager.

Once the App is installed on the phone:

  1. Enter Online Services
  2. select the Enable 2FA Polimi option on the 2FA activation page
  3. go through the activation process

Activation via SMS (staff and PhD only)

To activate Polimi 2FA via SMS, you must have a telephone.

  1. Enter Online Services
  2. select the Enable 2FA Polimi (OTP via SMS) option on the 2FA activation page
  3. go through the activation process

What it is

By activating this function you protect yourself from fraudulent access in the event that your Polimi credentials are stolen,as access to services is granted only to SPID, CIE or eIDAS federated identities.
Once 2FA SPID/CIE/eIDAS has been activated, you will be able to access online services via:

  • any SPID identity (Poste, Sielte…) in your possession
  • CIE
  • eIDAS

How to activate it

  1. Enter online services via SPID or CIE
  2. select the option Enable 2FA SPID/CIE/eIDAS on the 2FA activation page

What it is

Deactivating 2FA allows you to temporarily return to accessing Online Services with your Polimi Credentials.

Access via SPID, CIE or eIDAS remains available but your Polimi account is no longer covered by the second factor.

How to deactivate 2FA

You can deactivate 2FA using the “Manage 2FA” link available in the “Authentication” widget in Online Services.

If you cannot access Online Services,

  1. use the “Deactivate 2FA: access temporarily with Polimi credentials only” link on the authentication screen under Support and Information.
  2. enter your Polimi Credentials. If they’ve expired or you’ve lost them, you can’t go ahead and resolve the situation yourself. Request assistance and schedule a Teams call with an operator.
  3. then you can choose between these three deactivation options:
  • Emergency key: this is provided to you once the second factor has been activated (also as a pdf download). If you lose it, you can generate a new one via the “Manage 2FA” link.
  • OTP via SMS: this works by receiving an SMS with a one-time password on your mobile phone. You can enable this option after 2FA activation is complete or at any other time via the “Manage 2FA” link.
  • OTP by e-mail: if you have provided your personal e-mail address for password recovery, you will be able to receive a one-time password to this address to deactivate your 2FA. You can enable this option at any time via the “Manage e-mail” link also available in the Authentication widget.

How long does deactivation last?

Deactivation is temporary. At the end of the procedure you will be informed when you will be required to activate 2FA again. You can reactivate 2FA at any time, even without waiting for the deactivation period to end.

The following scenarios may arise:

You are already registered in the University registry

  • if you have activated 2FA authentication via SPID/CIE/eIDAS you can deactivate it
  • if you have not activated 2FA authentication via SPID/CIE/eIDAS you can log in with your Polimi credentials and declare that you are unable to use SPID or CIE. You will be offered the option to enable Polimi 2FA

If you are not already registered in the University registry

You can use the “Register” link to get your Polimi credentials. When you log in for the first time you will be asked to activate two-factor authentication, you can declare that you are unable to use SPID or CIE and enable Polimi 2FA

Access the declaration

the declaration not to use spid or cie must be inserted at the moment of the 2FA activation request

To configure the App to generate the OTP on different devices, use the qrcode or, alternatively, the activation code. At the end of the activation procedure of the second factor via the app, you are given the opportunity to download a pdf containing the emergency deactivation key and the code / qrcode for the configuration.

To change the activation method, for example to switch from SPID/CIE/eIDAS 2FA to Polimi 2FA, you need to:

  1. deactivate the 2FA in use
  2. go to the activation page
  3. activate the new 2FA

The 2FA activation page is only accessible if 2FA authentication is not active.

It is displayed automatically:

  • when you first log in to Online Services
  • at the end of the temporary deactivation period

It can be reached via the “Activate 2FA” link in the “Authentication” widget during the temporary deactivation period.

Polimi credentials

By registering in the University registry, also via SPID/CIE or Edugain, you will obtain your person code and be able to set the corresponding password. These credentials constitute your Polimi identity.

Your person code is also notified to your personal e-mail address.

Expiration

The password linked to the Person Code expires periodically, you will have to reset it. Some settings that rely on the use of this data will stop working until you update the password there as well.

Change

When your password is about to expire, you will be notified when you access Online Services that your password needs to be updated. To change it, you can use the link available in the Authentication widget in the University Online Services.

Recovery

There are three scenarios:

  • if you remember the person code and the personal email address provided during registration, you can do it yourself using the password recovery procedure. Otherwise Request assistance recovering credentials
  • if you have a SPID or CIE identity, you can use it to access the Online Services and reset your password using the link available in the authentication widget.
  • if you have the Polimi 2FA active and you are not in a position to enter the OTP, you cannot recover the password independently. Request 2FA assistance, you will be asked to make a Teams call to provide you with the support you need to access.

Even though you have activated two-factor authentication, some services will still only be available using your Person Code and Password credentials. These services are:

These services are:

  • configuration of permanent Wi-Fi/wired connection using credentials (TTLS)
  • downloads from the software portal
  • access to the centrally managed workstation
  • access to Remote desktop
  • access to legacy VB applications (client server applications)
  • access to workstations in the computer rooms at the Milano Leonardo, Milano Bovisa and Lecco campuses

Digital identities

According to the law, there is an obligation to access the online services of the public administration using SPID or CIE identities.
In the registration phase, the Polimi Credentials will in any case be assigned, they will be useful for accessing various services at the university and for temporarily accessing the Online Services in the event of impossibility to use SPID or CIE.

The SPID digital identity is issued only by identity managers accredited by the Agenzia per l’Italia Digitale (AgID – Agency for Digital Italy). More information: www.spid.gov.it/richiedi-spid

Note: SPID digital identity managers include InfoCert, which also provides the digital signature services used by the Politecnico di Milano. However, there is no relationship between the two, and the SPID identity can be requested from any of the accredited operators.

To guarantee a higher level of security only level 2 SPID digital identities, are accepted, i.e. Those which also require a temporary code sent to the user for authentication purposes.

You can log in with any SPID identity in your possession (provided by different providers), even if you have already activated the SPID/CIE 2FA.

CIE (Carta di Identità Elettronica – Electronic Identity Card) allows citizens to authenticate themselves in the online services of the Public Administration. More information: www.cartaidentita.interno.gov.it

eduGAIN It is a global inter-federation service interconnecting more than 50 federations worldwide. These federations include IDEM (Italian Federation of Universities and Research Institutions for Authentication and Authorisation) to which the Politecnico belongs.  Learn more about eduGAIN

Polimi users can in turn use eduGAIN access provided by other federated bodies.

To be authenticated on the Online Services of these institutions you will have to select eduGAIN access and the IDEM federation. You will be directed to the University’s authentication screen where you can proceed with your usual authentication procedure.

Learn more about the IDEM federation

eIDAS, electronic IDentification, Authentication and trust Services.

Through the eIDAS Login, citizens of the European Union can access the Online Services using the public digital identities of their countries of origin.
At the same time, the other EU states, through their respective eiDAS nodes, can allow access to their services to Italian citizens with SPID or CIE.

More info: www.eid.gov.it/home