Single sign-on service
The HAW Hamburg single sign-on (SSO) service makes it possible for you to access various central applications and IT services from HAW Hamburg via a single login process using your HAW account ID and password. You can currently use SSO to access the following services:
- Library services provided by individual publishers
- VPN
- WLAN / Eduroam
- The Zoom video conferencing system
- ViaMINT
- Employee Intranet login
- Typo3 login (web editors)
To log in, you need to use your new HAW user ID (w...123@haw-hamburg.de) and the accompanying password. The SSO service also uses two-step verification.
Please note: This service requires you to use permanantly an authenticator app (see FAQs below), and you will need to set up a new account in the app. The HAW account / M365 you use to sign in to www.office.com will not work in this case. To set up a new account, you need to open the app and scan the QR code which is displayed there.
Important: please select 'Other account (Google...)' here. Two-step verification via SMS is not possible.
- Go to https://login.haw-hamburg.de and log in at the upper-right side of the page.
- Add account (be sure to select 'Other account' and not 'Business or school account').
- Enter the device names (e.g. mobile phone) and then the code shown.
- Now you can log in to the services listed above using SSO.
If you are still having problems, please send a mail to: itsc-support (at) haw-hamburg (dot) de
Setting up the single sign-on login, from minute 6:14
Important notes
1. Never delete the Authenticator app on your cell phone! You will need a new one-time code every time you log in via SSO.
If possible, store another device in your SSO account before you use a new cell phone. This will allow you to log in even if you lose your cell phone or buy a new one. This also works with the old cell phone, as long as you are in the WLAN with it and have not deleted the Authenticator app. Otherwise, you will need to come to the chip card office to have your SSO account reset.
This is how you register a new device:
- Log in at login.haw-hamburg.de and go to the "Konto Sicherheit / Anmeldung" tab.
- Under the section "Zwei-Faktor Authentifizierung" you will find the link "Authenticator-Anwendung einrichten" on the right. You will receive a new QR code for another device and can enter your account there in an authenticator app (preferably with a different name than on the device you are already using).
FAQs about the single sign-on service
Why can't I use my Microsoft login information to sign in?
................................................................................................................................................................................................
Two-step verification makes it possible to better protect access to the various online services. This is why two-factor verification has been introduced for Microsoft Office applications with the new HAW user ID (w...123@haw-hamburg.de). The Microsoft login interface is currently being used for Übergangsmoodle, Adobe licences and other services.
For some online services, however, it is necessary to log in using the single sign-on service, which has a different interface. The user ID and password are the same as those for the Microsoft account, but a new two-step verification process needs to be set up for this account. If you already use an authenticator app, you just need to add the new account. The one-time code generated by the app for this account can then be used for the two-step verification.
Which authentication app should I install on my mobile phone?
................................................................................................................................................................................................
If you have already installed the Microsoft Authenticator app, you can also use it for a new SSO account.
Humboldt Universität zu Berlin has also compiled a list of recommendations (in German) for authentication apps that do not use a large amount of data: Recommendations from HU Berlin
The university does not obtain any information about you when you use the app on your private mobile phone. You can and should also use the authentication app for your private accounts in order to protect your information as well as possible.
Why is an authentication app now necessary?
................................................................................................................................................................................................
The single sign-on service does not work with two-step verification where the code is sent by text message or a phone call. Using an app is actually a more secure means of two-step verification than an SMS. Please read the following for an explanation: Why use an authenticator app instead of SMS?
Am I giving away my personal information when I use an authentication app?
................................................................................................................................................................................................
Some authentication apps collect data for the provider or third parties (e.g. Google Analytics, Facebook Ads). Some apps also request a number of additional rights, such as location, mobile phone accounts, contacts, telephone status. The only thing necessary is access to the camera in oder to photograph the QR code for the account in question. This is why it is best to select one of the recommended apps.
Your personal information will absolutely not be transmitted to HAW Hamburg.
I already use an authentication app for the two-step verification for my Microsoft account. Can I use this account for the two-step verification for SSO as well?
................................................................................................................................................................................................
No. You need an additional account, but you can use the same authentication app.
When I enter the one-time code from the app I get an error message. What should I do?
................................................................................................................................................................................................
If you have more than one account in your authentication app, make sure that you've selected the right account.
If you still receive an error message, it could be the case that you have selected 'School account' instead of 'Other account'. To really create a new single sign-on (SSO) account, you will need to delete the incorrect account in your authentication app and start the process again.
Please do not delete a functioning SSO account (you already have an account if you do not see a QR code when you log in using SSO) or your Office account in the authentication app. You will then only be able to reset these accounts by coming to the Chip Card Services Office in person.
If you still receive an error message, please contact the ITSC staff: itsc-support (at) haw-hamburg (dot) de
What should I enter when I'm asked what the 'device name' is?
................................................................................................................................................................................................
You can choose the device name yourself – for example, 'work mobile' or 'phone'. If you use various devices for verification, they should have different names.