The CU Key mobile app has been developed for the purpose of increasing the security of CAS user accounts.

It is simple, reliable way to verify your identity while accessing university services.

It provides a modern means of two-factor authentication which significantly enhances the security of university systems which require CAS login.

The CU Key mobile app represents an important step towards increased cyber security and data protection for the academic community.

Activation procedure

1. Visit website ldap.cuni.cz/mfa and log in.

   
   

   • Click on the “Turn on” button

     
     

     

     
     

   • Select "Mobile phone application" among the available options:

     
     

     

     
     

   • Choose a QR code based on your mobile phone operation system and scan it to download the app.

     
     

     

     
     

2. Open the CU Key mobile app

   
   

   • Enable notifications

     
     

   • Click on the "Login" button and enter your username and password to CAS

     
     

     

     

     
     

   • Create a PIN code for unlocking the app

     
     

     

     

     
     

   • You will see "Renewal codes" for account renewal.

     
     

     Please write down these codes on a different device so you can use them in the event of loss or theft of your mobile phone.

     
     

     You may also enable biometric authentication, e.g. fingerprint or FaceID, if you use it on your device.

     
     

     

     
     
     

     

     
     

3. Visit website that requires CAS login and two-factor authentication, e.g. servicedesk.cuni.cz and log in.

   
   

   

   
   

4. Select a method for the second verification factor:

   
   

   

   
   

5. • You will receive notification on your mobile phone about a new request for authentication. Access the app using PIN code or biometrics and confirm the request.

     
     

     

     

     
     

6. You can now go back to www.ldap.cuni.cz/mfa and log in.

   
   

   • After two-factor authentication login you can see the Mobile phone application as an active means of two-factor authentication.

     
     

     

     
     

   • You can also view Renewal Codes again by clicking on the arrow on the bottom-right corner.

     Please note that each code can be used only once.

     
     

     

Aside from the mobile app, we highly recommend using a secondary two-factor authentication method. Currently you can choose between text message code and hardware key.

It is possible to use other mobile authentication apps that are compatible with the two-factor authentication of CAS user accounts, these being Google Authenticator or Microsoft Authenticator. Use of these applications is based on specific workplace requirements. If you are interested in using these apps, please contact your local IT support.