Digital identities and authentication

Information, FAQs and support

Access to Online Services requires the use of a digital identity available for your user profile and the activation of two-factor authentication (2FA), also known as two-step verification.

2FA adds a layer of security to your personal space and protects you from fraudulent access in the event that your Polimi credentials are stolen. The first time you log in to the services, you will be automatically directed to the activation page

Select your profile

Depending on your university status and citizenship, you can use one or more digital identities (SPID, CIE, POLIMI credentials, eduGAIN or eIDAS federated credentials) and activate the 2FA using different options. Who are you?

Students or persons without a working relationship with the university with Italian citizenship only

Digital identities: SPID e CIE. By law, it is mandatory to access the Online Services of the public administration using SPID or CIE identities. During registration you will be assigned Polimi Credentials which will be useful for accessing various university services and for temporarily accessing Online Services if you are unable to use SPID or CIE.

2FA options: 2FA SPID/CIE/eIDAS

What it is

By activating this function you protect yourself from fraudulent access in the event that your Polimi credentials are stolen,as access to services is granted only to SPID, CIE or eIDAS federated identities.
Once 2FA SPID/CIE/eIDAS has been activated, you will be able to access online services via:

  • any SPID identity (Poste, Sielte…) in your possession
  • CIE
  • eIDAS

How to activate it

  1. Enter online services via SPID or CIE
  2. select the option Enable 2FA SPID/CIE/eIDAS on the 2FA activation page

The 2FA activation page is only accessible if 2FA authentication is not active.

It is displayed automatically:

  • when you first log in to Online Services
  • at the end of the temporary deactivation period

It can be reached via the “Activate 2FA” link in the “Authentication” widget during the temporary deactivation period.

The following scenarios may arise:

You are already registered in the University registry

  • if you have activated 2FA authentication via SPID/CIE/eIDAS you can deactivate it
  • if you have not activated 2FA authentication via SPID/CIE/eIDAS you can log in with your Polimi credentials and declare that you are unable to use SPID or CIE. You will be offered the option to enable Polimi 2FA

If you are not already registered in the University registry

You can use the “Register” link to get your Polimi credentials. When you log in for the first time you will be asked to activate two-factor authentication, you can declare that you are unable to use SPID or CIE and enable Polimi 2FA

Access the declaration

the declaration not to use spid or cie must be inserted at the moment of the 2FA activation request

What it is

Deactivating 2FA allows you to temporarily return to accessing Online Services with your Polimi Credentials.

Access via SPID, CIE or eIDAS remains available but your Polimi account is no longer covered by the second factor.

How to deactivate 2FA

You can deactivate 2FA using the “Manage 2FA” link available in the “Authentication” widget in Online Services.

If you cannot access Online Services, use the “Deactivate 2FA: access temporarily with Polimi credentials only” link on the authentication screen under Support and Information. You will be asked to enter your Polimi Credentials and then you can choose between these three deactivation options:

  • Emergency key: this is provided to you once the second factor has been activated (also as a pdf download). If you lose it, you can generate a new one via the “Manage 2FA” link.
  • OTP via SMS: this works by receiving an SMS with a one-time password on your mobile phone. You can enable this option after 2FA activation is complete or at any other time via the “Manage 2FA” link.
  • OTP by e-mail: if you have provided your personal e-mail address for password recovery, you will be able to receive a one-time password to this address to deactivate your 2FA. You can enable this option at any time via the “Manage e-mail” link also available in the Authentication widget.

How long does deactivation last?

Deactivation is temporary. At the end of the procedure you will be informed when you will be required to activate 2FA again. You can reactivate 2FA at any time, even without waiting for the deactivation period to end.

Students or persons without a working relationship with the university with foreign citizenship

Digital identities: Polimi credentials, SPID, CIE, eduGAIN or eIDAS federated credentials.

2FA options: 2FA Polimi (recommended) or 2FA SPID/CIE/eIDAS.

What it is

Activating this type of 2FA means that the Polimi credentials (or the eduGAIN federated credentials) are made more secure by entering an OTP (one-time password) required after login.

Once you have activated Polimi 2FA you will be able to access the online services using the method you prefer and available to you:

  • Polimi credentials followed by OTP
  • eduGAIN followed by OTP (only people from other universities)
  • SPID or CIE

Activation

To activate Polimi 2FA, you must have a smartphone and have one of these Apps for generating OTPs installed:

  • Android and iOS: Google Authenticator (recommended), Vip Access, FreeOTP Authenticator
  • Windows (Phone e 10 Mobile): Microsoft Authenticator (recommended), Authenticator G, OTP Manager.

Once the App is installed on the phone:

  1. Enter Online Services
  2. select the enable 2FA Polimi option on the 2FA activation page
  3. go through the activation process

How to configure multiple devices to generate the OTP via the app

To configure the App to generate the OTP on different devices, use the qrcode or, alternatively, the activation code. At the end of the activation procedure of the second factor via the app, you are given the opportunity to download a pdf containing the emergency deactivation key and the code / qrcode for the configuration.

What it is

By activating this function you protect yourself from fraudulent access in the event that your Polimi credentials are stolen,as access to services is granted only to SPID, CIE or eIDAS federated identities.
Once  2FA SPID/CIE/eIDAS has been activated, you will be able to access online services via:

  • any SPID identity (Poste, Sielte…) in your possession
  • CIE
  • eIDAS

How to activate it

  1. Enter online services via SPID, CIE or eIDAS
  2. select the option Enable 2FA SPID/CIE/eIDAS on the 2FA activation page

The 2FA activation page is only accessible if 2FA authentication is not active.

It is displayed automatically:

  • when you first log in to Online Services
  • at the end of the temporary deactivation period

It can be reached via the “Activate 2FA” link in the “Authentication” widget during the temporary deactivation period.

What it is

Deactivating 2FA allows you to temporarily return to accessing Online Services with your Polimi Credentials.

Access via SPID/CIE remains available but your Polimi account is no longer covered by the second factor.

How to deactivate 2FA

You can deactivate 2FA using the “Manage 2FA” link available in the “Authentication” widget in Online Services.

If you cannot access Online Services, use the “Deactivate 2FA: access temporarily with Polimi credentials only” link on the authentication screen under Support and Information. You will be asked to enter your Polimi Credentials and then you can choose between these three deactivation options:

  • Emergency key: this is provided to you once the second factor has been activated (also as a pdf download). If you lose it, you can generate a new one via the “Manage 2FA” link.
  • OTP via SMS: this works by receiving an SMS with a one-time password on your mobile phone. You can enable this option after 2FA activation is complete or at any other time via the “Manage 2FA” link.
  • OTP by e-mail: if you have provided your personal e-mail address for password recovery, you will be able to receive a one-time password to this address to deactivate your 2FA. You can enable this option at any time via the “Manage e-mail” link also available in the Authentication widget.

How long does deactivation last?

Deactivation is temporary. At the end of the procedure you will be informed when you will be required to activate 2FA again. You can reactivate 2FA at any time, even without waiting for the deactivation period to end.

To change the activation method, for example to switch from SPID/CIE/eIDAS 2FA to Polimi 2FA, you need to:

  1. deactivate the 2FA in use
  2. go to the activation page
  3. activate the new 2FA

Professors, PhD students, T/As or people who have a working relationship with the university

Digital identities: Polimi credentials, SPID, CIE, eduGAIN or eIDAS federated credentials.

2FA options: Polimi 2FA (recommended) or 2FA SPID/CIE/eIDAS.

What it is

Activating this type of 2FA means that the Polimi credentials (or the eduGAIN federated credentials) are made more secure by entering an OTP (one-time password) required after login.

Once you have activated Polimi 2FA you will be able to access the online services using the method you prefer and available to you:

  • Polimi credentials followed by OTP
  • eduGAIN followed by OTP (only people from other universities)
  • SPID or CIE
  • eIDAS

Polimi 2FA can be activated in two ways: via App and via SMS.

Activation via App

To activate Polimi 2FA via App, you must have a smartphone and have one of these Apps for generating OTPs installed:

  • Android and iOS: Google Authenticator (recommended), Vip Access, FreeOTP Authenticator
  • Windows (Phone e 10 Mobile): Microsoft Authenticator (recommended), Authenticator G, OTP Manager.

Once the App is installed on the phone:

  1. Enter Online Services
  2. select the Enable 2FA Polimi option on the 2FA activation page
  3. go through the activation process

How to configure multiple devices to generate the OTP via the app

To configure the App to generate the OTP on different devices, use the qrcode or, alternatively, the activation code. At the end of the activation procedure of the second factor via the app, you are given the opportunity to download a pdf containing the emergency deactivation key and the code / qrcode for the configuration.

Activation via SMS

To activate Polimi 2FA via SMS, you must have a telephone.

  1. Enter Online Services
  2. select the Enable 2FA Polimi (OTP via SMS) option on the 2FA activation page
  3. go through the activation process

What it is

By activating this function you protect yourself from fraudulent access in the event that your Polimi credentials are stolen,as access to services is granted only to SPID, CIE or eIDAS federated identities.
Once  2FA SPID/CIE/eIDAS has been activated, you will be able to access online services via:

  • any SPID identity (Poste, Sielte…) in your possession
  • CIE
  • eIDAS

How to activate it

  1. Enter online services via SPID, CIE or eIDAS
  2. select the option Enable 2FA SPID/CIE/eIDAS on the 2FA activation page

The 2FA activation page is only accessible if 2FA authentication is not active.

It is displayed automatically:

  • when you first log in to Online Services
  • at the end of the temporary deactivation period

It can be reached via the “Activate 2FA” link in the “Authentication” widget during the temporary deactivation period.

What it is

Deactivating 2FA allows you to temporarily return to accessing Online Services with your Polimi Credentials.

Access via SPID, CIE or eIDAS remains available but your Polimi account is no longer covered by the second factor.

How to deactivate 2FA

You can deactivate 2FA using the “Manage 2FA” link available in the “Authentication” widget in Online Services.

If you cannot access Online Services, use the “Deactivate 2FA: access temporarily with Polimi credentials only” link on the authentication screen under Support and Information. You will be asked to enter your Polimi Credentials and then you can choose between these three deactivation options:

  • Emergency key: this is provided to you once the second factor has been activated (also as a pdf download). If you lose it, you can generate a new one via the “Manage 2FA” link.
  • OTP via SMS: this works by receiving an SMS with a one-time password on your mobile phone. You can enable this option after 2FA activation is complete or at any other time via the “Manage 2FA” link.
  • OTP by e-mail: if you have provided your personal e-mail address for password recovery, you will be able to receive a one-time password to this address to deactivate your 2FA. You can enable this option at any time via the “Manage e-mail” link also available in the Authentication widget.

How long does deactivation last?

Deactivation is temporary. At the end of the procedure you will be informed when you will be required to activate 2FA again. You can reactivate 2FA at any time, even without waiting for the deactivation period to end.

To change the activation method, for example to switch from 2FA SPID/CIE/eIDAS to 2FA Polimi , you need to:

  1. deactivate the 2FA in use
  2. go to the activation page
  3. activate the new 2FA

Frequently asked questions about digital identities

SPID and CIE identity

The SPID digital identity is issued only by identity managers accredited by the Agenzia per l’Italia Digitale (AgID – Agency for Digital Italy). More information: www.spid.gov.it/richiedi-spid

Note: SPID digital identity managers include InfoCert, which also provides the digital signature services used by the Politecnico di Milano. However, there is no relationship between the two, and the SPID identity can be requested from any of the accredited operators.

To guarantee a higher level of security only level 2 SPID digital identities, are accepted, i.e. Those which also require a temporary code sent to the user for authentication purposes.

You can log in with any SPID identity in your possession (provided by different providers), even if you have already activated the SPID/CIE 2FA.

CIE (Carta di Identità Elettronica – Electronic Identity Card) allows citizens to authenticate themselves in the online services of the Public Administration. More information: www.cartaidentita.interno.gov.it

Polimi credentials

By registering in the University registry, also via SPID/CIE or Edugain, you will obtain your person code and be able to set the corresponding password. These credentials constitute your Polimi identity.

Your person code is also notified to your personal e-mail address.

Expiration

The password linked to the Person Code expires periodically, you will have to reset it. Some settings that rely on the use of this data will stop working until you update the password there as well.

Change

When your password is about to expire, you will be notified when you access Online Services that your password needs to be updated. To change it, you can use the link available in the Authentication widget in the University Online Services.

Recovery

There are two options:

  • If you have provided your personal e-mail address to retrieve your password, you can do so yourself by following the link on the University’s authentication page.
  • If you have a SPID or CIE identity, you can use it to access Online Services and reset your password via the link available in the authentication widget.

If none of the above options work, ask for assistance.

Even though you have activated two-factor authentication, some services will still only be available using your Person Code and Password credentials. These services are:

These services are:

  • configuration of permanent Wi-Fi/wired connection using credentials (TTLS)
  • downloads from the software portal
  • access to the centrally managed workstation
  • access to Remote desktop, Printer share and File share
  • access to Virtual desktop
  • access to legacy VB applications (client server applications)
  • access to workstations in the computer rooms at the Milano Leonardo, Milano Bovisa and Lecco campuses

eduGAIN federated credentials

eduGAIN It is a global inter-federation service interconnecting more than 50 federations worldwide. These federations include IDEM (Italian Federation of Universities and Research Institutions for Authentication and Authorisation) to which the Politecnico belongs.  Learn more about eduGAIN

Polimi users can in turn use eduGAIN access provided by other federated bodies.

To be authenticated on the Online Services of these institutions you will have to select eduGAIN access and the IDEM federation. You will be directed to the University’s authentication screen where you can proceed with your usual authentication procedure.

Learn more about the IDEM federation

eIDAS federated credentials

eIDAS, electronic IDentification, Authentication and trust Services.

Through the eIDAS Login, citizens of the European Union can access the Online Services using the public digital identities of their countries of origin.
At the same time, the other EU states, through their respective eiDAS nodes, can allow access to their services to Italian citizens with SPID or CIE.

More info: www.eid.gov.it/home