IT Manual: Weblogin (id.gsi.de)

Employees of GSI/FAIR will receive their Weblogin account together with the application for Windows, Mail and Linux accounts using this form.

Scientific guests of GSI/FAIR apply for a Weblogin account by registering at the Welcome Office.

If you are not a scientific guest or fall under one of the exceptions listed on the Welcome Office page, you can apply for the weblogin via e-mail to the following e-mail address: accounts-weblogin-service @ gsi.de. Please include the following information in your e-mail:

• full surname, first name and gender identity as stated on the ID card.
• personal e-mail address (GSI/FAIR or external).
• name of the institute or company (complete address, website).
• name of the person responsible for you at GSI/FAIR.
• the desired applications for which you need access (e.g. safety instruction, ...)

Enter the username and password of your Weblogin account at id.gsi.de and click on “Sign In”.

The "Remember me" checkbox refers to the closing of the browser window. This means that if this box is checked, you will remain signed in even after you have closed their browser. Therefore, this checkbox should only be set on computers that are exclusively accessible to you. After successful login, your session lasts for a maximum of twelve hours. After two hours of inactivity, your session will be terminated prematurely.

If you have configured multi-factor authentication (MFA), you will now be prompted for your OTP.

Enter the 6-digit one-time password from your authenticator application on your mobile and click “Sign In”.

Sign in at id.gsi.de (see Sign in). Then navigate to “Account security” in the left sidebar and select “Signing in”. Then, click on “Update” in the row of “My password” under “Basic authentication“.

Enter your new password and confirm it by entering it a second time. Your new password will be validated against the password rules. The "Sign out from other devices" checkbox allows you to prematurely end sessions on other devices. This is useful if you're concerned that your password has been compromised and others have already logged in on other devices. Click on “Submit” to complete the process.

In order to reset your password, your Weblogin account must provide an already configured multi-factor authentication (MFA). If this is not the case, please contact our IT Helpdesk by email (it-helpdesk-service @ gsi.de) or on site (SB3.1.248).

Reset password yourself with MFA

1. Click on “Forgot Password?” at id.gsi.de.

   

2. Enter the username of your Weblogin account and click on “Submit”.

   

3. You should receive an email with the “Link to reset password”. The link is valid for 15 minutes. The sender address is id @ gsi.de and the e-mail is cryptographically signed with an S/MIME certificate. Close the web page and click on the link.

   

4. The next steps are similar to Sign in, with the difference that you will not be asked for your password, but only for your second factor.

5. Enter your new password and confirm it by entering it a second time. Your new password will be validated against the password rules. The "Sign out from other devices" checkbox allows you to prematurely end sessions on other devices. This is useful if you're concerned that your password has been compromised and others have already logged in on other devices. Click on “Submit” to complete the process.

   

Multi-factor authentication (MFA) is currently optional, but can already be activated. In addition to increased security, MFA offers the advantage, that with it you will be able to reset your password on your own (see Reset password). Otherwise, i.e. without MFA, you would have to contact the IT Helpdesk by email (it-helpdesk-service @ gsi.de) or on site (SB3.1.248).

To configure MFA sign in at id.gsi.de (see Sign in). Then navigate to “Account security” in the left sidebar and select “Signing in”. Under “Multi-factor authentication” you can add an authenticator application on your mobile.

Authenticator application (TOTP)

Click “Set up Authenticator application” if you wish to configure the OTP method. If you had already configured MFA, you might be asked to re-authenticate before you can proceed with adding another authenticator application. Now follow the instructions displayed and click on “Submit”.

If you no longer have access to your authenticator application, please contact our IT Helpdesk by email (it-helpdesk-service @ gsi.de) or on site (SB3.1.248).