Mobile application CU Key has been developed for the purpose of increasing security for CAS user accounts.

With it you can simply and reliably verify your identity while accessing university services.

It provides modern means of two-factor authentication which significantly increases level of security for university systems which require CAS login.

Mobile application CU Key represents an important step towards increased cyber security and data protection for the academic community.

Activation process

1. Visit website www.ldap.cuni.cz/mfa and log in.

   
   

   • Click on the “Turn on” button

     
     

     

     
     

   • Select Mobile phone application among the available options:

     
     

     

     
     

   • Choose QR code based on your mobile phone operation system and scan it to download the app.

     
     

     

     
     

2. Open the mobile application CU Key.

   
   

   • Click on the Login button and enter your username and password to CAS

     
     

     

     

     
     

   • Enable notifications

     
     

   • Create PIN code for unlocking the app

     
     

     

     

     
     

   • You will see Renewal codes for account renewal.

     
     

     Please write down these codes on a different device so you can use them in the event of loss or theft of your mobile phone.

     
     

     You may also enable biometric authentication if you use in on your device, e.g. fingerprint, FaceID.

     
     

     

     
     
     

     

     
     

3. Visit website that requires CAS login and two-factor authentication, e.g. www.servicedesk.cuni.cz and log in.

   
   

   

   
   

4. Select a method for the second verification factor:

   
   

   

   
   

5. • You will receive notification on your mobile phone about a new request for authentication. Access the app using PIN code or biometrics and confirm the request.

     
     

     

     

     
     

6. Now, you can go back to the website www.ldap.cuni.cz/mfa and log in.

   
   

   • After two-factor authentication login you can see the Mobile phone application as an active means of two-factor authentication.

     
     

     

     
     

   • You can also view Renewal codes again, if you click on the arrow on the bottom-right corner.

     Please note that each of the codes can be used only once.

     
     

     

Aside from the mobile application, we highly recommend a secondary two-factor authentication method. Currently you can choose between text message code and hardware key.

It is possible to use other mobile authentication applications compatible with two-factor authentication of CAS user accounts. These are Google Authenticator or Microsoft Authenticator. Usage of these applications is based on specific workplace requirements. If you are interested in the use of these, please get in touch with your local IT support.