Campus-wide IT Authentication Platform Service in Osaka University

FAQ lists


New ICHO email address for faculty members and researchers

When logging in to SSO systems such as My Handai,KOAN (or etc.), the user information screen(confirmation of new ICHO email address) will be displayed.
I'm a faculty member(or a researcher) in Osaka Universiy .How can I modify my new ICHO email address?
I modified my new ICHO email address, but it is not updated in ICHO.

Multi-Factor Authentication(MFA)

Where can I find out how to register MFA?
I don't plan to use the SSO system from off-campus at the moment, but is it okay if I don't register MFA?
What happens if I do not register during the pre-registration period (90 days)?
What procedures need to be taken when I buy a new device(smart phone, tablet, PC,etc.) ?
I have already done multi-factor authentication with ICHO or OUMail, do I need to re-register?
Even if I am on campus, if I log in using my smartphone, is it treated as off campus?
Can MFA registration be done on a university computer?
Can I register and use the app on multiple devices?
How do I reset the "Temporary Release Code"?

MFA registration problem

I keep failing to register many times, what is the cause?か
(Change to new phone? ) After I change to the new smart phone, I can't use Authenticator code.
(My Handai app?) Authenticator certification suddenly failed.
After MFA registration, I checked the box for "don't ask the verification code for a given of time". But it does not work.
When I enter everything on the MFA registration screen and click Register button, the temporary release code will be blank and I can not finish MFA registration.

Browser addon (extension)

If I register MFA with a browser addon on a university computer, will I be unable to log in when I am working from home?か
When I click on the "Scan QR Code" button in the Authenticator (browser addon), the QR code appears and the crosshair symbol automatically moves to enclose it over and over again, but the QR code cannot be recognized.
About Web browser addon,how can I register MFA manually without QR code scan?
I installed the Authenticator on firefox, but the icon does not appear in the menu bar.
I installed the Authenticator on Chrome, but I can't see the icon in the menu bar.
Can I install the Authenticator browser addon in Safari (Mac) and set up MFA authentication?

Mobile application

Can I use this service on smartphones and tablets without a contract with a phone company (no SIM)?
I can't download Microsoft Authenticator because the Android OS is old.
After installing "Microsoft Authenticator" and clicking "Open", the manual says that you will be presented with the "Add Account" screen, but "Set up passwordless Sign-in for your Personal Microsoft Account" screen is displayed.
When setting up the MFA, if I select "other accounts" in the app on my phone to add an account, I am prompted to enter my "account name" and "private key", I cannot scan the QR code.
I accidentally deleted the Authenticator app after registering the MFA.

Other


OUMail


Frequently Asked Questions

I can log in ‘My Handai’ and ‘KOAN’. However, I cannot log in ‘ODINS’ and ‘OUMail’.
I cannot log in SSO system after I changed my password.
I get a message saying “Access error”, when I clicked the URL to confirmation be sent to my email address.
Upon first-login procedure, what e-mail address should I register in ‘User Information’?
When is the switched content updated?

The Osaka University Personal ID

How can I get the Osaka University Personal ID ?
I have forgotten my password and cannot login the system. What should I do?
How do I change my password?
Is there a limit in the number of characters and usable characters as password rule ?
What is a Role ID ?

Login

I cannot login. I get a message saying, “Authentication Error. You cannot login. Your Personal ID or password may be incorrect.”
I cannot login. I get an error message saying, “Error Code - SASE0038 Message -- the session is not valid.”
I cannot login. I get a message saying, “Access error or HTTP error.”
I cannot login on Mac OS X and Safari. I get an error message saying, “An error occurred in SSL client authentication.”

What web browsers can be used for this system ?


Campus-wide IT Authentication Platform Service in Osaka University

What campus systems can access with the Campus-Wide IT Authentication Platform Service?

Regarding questions other than the above, where should I direct questions ?

New ICHO email address for faculty members and researchers

**Overview November 5, 2021, the email addresses of faculty members and researchers registered in the user information of Campus-wide IT Authentication Platform Service have been replaced by the new ICHO email address.

When logging in to SSO systems such as My Handai,KOAN (or etc.), the user information screen(confirmation of new ICHO email address) will be displayed.

When logging in to the SSO system, the User Information Registration screen will be displayed for faculty members and researchers who have a new ICHO email address. After confirming a new email address, click "Next" and then "Registration" to proceed to "Step: 5. Registration completion of user information", and then close the screen to exit. If you want to modify your email address again, please wait for "about 10 minutes" and then change it from "Change Password/User Information" menu of the Campus-wide IT Authentication Platform Service portal site.

I'm a faculty member(or a researcher) in Osaka Universiy .How can I modify my new ICHO email address?

You can change your email address at any time from "Change Password/User Information" menu of the Campus-wide IT Authentication Platform Service portal site.

I modified my new ICHO email address, but it is not updated in ICHO.

It may take up to one day for the modified email address to be reflected in the linked Osaka University system.

Multi-Factor Authentication(MFA)

Overview
When you log in to the University's SSO System from off-campus networks, you must enter your Osaka University personal ID and password, and then enter your six-digit authentication code (one-time password). (MFA stands for Multi-Factor Authentication).

Where can I find out how to register MFA?

You can find the link "Multi-Factor Authentication (MFA)" on the Campus-wide IT Authentication Platform Service portal site. The link will take you to the MFA overview and registration procedure page.
https://web.auth.osaka-u.ac.jp/portal/en/

I don't plan to use the SSO system from off-campus at the moment, but is it okay if I don't register MFA?

if you do not register within 90 days of pre-registration period,you will not be able to access from off-campus. Osaka-University has a system for reporting on the crisis management ,such as Osaka University Safty Confirmaton System in My Handai. Even if you do not plan to use the SSO system from off-campus,we ask that you register MFA in advance so that you will be able to take necessary actions from off-campus.

What happens if I do not register during the pre-registration period (90 days)?

You will not be able to login to the SSO System from off-campus networks.
The following procedure is required.
a. Access the MFA registration URL from the campus network and register the MFA.Please check the following website.
https://web.auth.osaka-u.ac.jp/mfa/en/mf4mobile.html
b. Submit a personal ID reissue form by internal mail or fax.(In this case, your password will be reissued at the same time for security reasons.)Please check the following website.
https://web.auth.osaka-u.ac.jp/portal/en/password.html

What procedures need to be taken when I buy a new device(smart phone, tablet, PC,etc.) ?

Please refer to the information page below for explanations.
https://web.auth.osaka-u.ac.jp/mfa/en/mf4mobile.html

I have already done multi-factor authentication with ICHO or OUMail, do I need to re-register?

This is a different system than the ICHO and OUMail system. This system is set up for off-campus access to Campus-wide IT Authentication Platform Service (such as My Handai,KOAN,CLE,etc.).

Even if I am on campus, if I log in using my smartphone, is it treated as off campus?

If you are connected to your cell phone company's line, you will be treated as an off-campus network user.

Can MFA registration be done on a university computer?

Yes, you can register MFA from either on or off campus.

Can I register and use the app on multiple devices?

If you set up MFA registration on more than one device, only the authorization code of the mobile app or add-on on the device where you last registered the MFA will be valid.

How do I reset the "Temporary Release Code"?

Please re-register your MFA as you cannot reset the temporary release code only. (In this case, please delete the account you have already set up in the app or add-on in advance.)

MFA registration problem

I keep failing to register many times, what is the cause?

It is also related to the clock on the device. If the clock is off, please adjust it. If you fail MFA registration, check time and date setting of your smartphone. Please check Set automatically. Evenif the setting is on, please check it off and check it on again, and restart your smartphone.

(Change to new phone? ) After I change to the new smart phone, I can't use Authenticator code.

Even if you change the new device and transfer the authentication application to the new one, the account (osaka-u, personal ID) may not be transferred correctly. Please check here and re-register for MFA.

(My Handai app?) Authenticator certification suddenly failed.

Are you using My Handai app?
When you open the My Handai app, select "Confirm MFA registration" → "Change to My Handai app", the MFA will be transferred to My Handai app and the Authenticator will be disabled. When logging in systems, please tap "Settings" → "Show MFA Authentication Code" in the My Handai app to get the authentication code.
Please see https://twitter.com/MyHandai_app/status/1360278385591685120 for My Handai app. (link in Japanese)

After MFA registration, I checked the box for "don't ask the verification code for a given of time". But it does not work.

It depends on the settings of your web browser. The information is stored in your web browser's cookies, so if you have your web browser set to clear cookies when you close it, this could be the case.

When I enter everything on the MFA registration screen and click Register button, the temporary release code will be blank and I can not finish MFA registration.

The temporary release code must be 4-8 digits. If you enter any other symbols or letters, the temporary release code will be blank and you will not be able to register the code even if you click on "Register".

Browser addon (extension)

If I register MFA with a browser addon on a university computer, will I be unable to log in when I am working from home?

If you don't take your PC which you used for MFA registration, there is no way to display a one-time password, so you can't log in using an authentication code, but as an emergency measure, you can temporarily deactivate it (temporary release)and then log in.(about temporary release:a maximum 5 times, 2 hours per release.)

When I click on the "Scan QR Code" button in the Authenticator (browser addon), the QR code appears and the crosshair symbol automatically moves to enclose it over and over again, but the QR code cannot be recognized.

The automatic scanning of the QR Code is a sample video. Could you drag the mouse over the original QR code (the one behind the sample video), which is faded in color at the back of the screen?

About Web browser addon,how can I register MFA manually without QR code scan?

[Manual Entry]
1) Click on the pen symbol from the Authenticator symbol in the upper right corner of the screen.
2) Click on the "+" mark.
3) Click on "Manual Entry"
4) Enter the following two places
Issuer: enter "osaka-u".
Secret: Enter the "Manual input code" at the bottom of the table that shows the QR Code (case is not sensitive).
5) If the code is entered correctly, the Authenticator will display an authentication code (6-digit number) will be displayed.
Enter the authentication code in the ③Authentication code (for confirmation) below ②QR code field → click on the check button.
Thereafter, it's the same as setting up a QR code.

I installed the Authenticator on firefox, but the icon does not appear in the menu bar.

Normally, the icon is shown, but if you are running in a private window, the icon may not be shown. Please check it. If you don't need to run firefox in a private window, just set it to normal mode and then the Authenticator icon will appear.

I installed the Authenticator on Chrome, but I can't see the icon in the menu bar.

Use the Extension Tool icon in the top right corner of your web browser screen.Click on the Extension Tool icon and you will see the Authenticator in it, click on the thumbtack icon to the right of the Authenticator -> the thumbtack icon will turn blue and the Authenticator tool will appear next to the Extension Tool.

Can I install the Authenticator browser addon in Safari (Mac) and set up MFA authentication?

Safari does not have a verified Authenticator, so please get another browser (Chrome, Firefox) and then install the Authenticator addon.

Mobile application

Can I use this service on smartphones and tablets without a contract with a phone company (no SIM)?

It is available. After connecting to Wi-Fi or other devices and installing the authentication app, you can register your MFA even if you are not connected to the network and the 6-digit authentication code will be displayed.

I can't download Microsoft Authenticator because the Android OS is old.

Google Authenticator has been tested and is available, please try to see if Google Authenticator can be downloaded or not. you can get it from Google Play or App store for free.If it is difficult, please use browser add-on to register it.

After installing "Microsoft Authenticator" and clicking "Open", the manual says that you will be presented with the "Add Account" screen, but "Set up passwordless Sign-in for your Personal Microsoft Account" screen is displayed.

You will see a Microsoft directions page for people who have a personal Microsoft account, so ignore that and press "Skip" at the bottom.And then,you can see a "Add Account" button. If you press that button, you can follow the instructions.

When setting up the MFA, if I select "other accounts" in the app on my phone to add an account, I am prompted to enter my "account name" and "private key", I cannot scan the QR code.

It appears that the camera is disabled. Please enable the camera setting for the app (Microsoft Authenticator) in your smartphone's settings.

I accidentally deleted the Authenticator app after registering the MFA.

If you deleted the app after registering the MFA, you will need to re-register the MFA. Check the following page and complete the MFA re-registration process.
https://web.auth.osaka-u.ac.jp/mfa/en/mf4mobile.html
Don't just scan the QR code, be sure to complete the entire registration procedure, including the registration of the temporary release code.

Other

Please refer to the following information page for more information on MFA.
https://web.auth.osaka-u.ac.jp/mfa/en/mf1top.html

OUMail

Please refer to the information page. https://www.cmc.osaka-u.ac.jp/edu/others/webmail.php

Frequently Asked Questions

I can log in‘My Handai’and‘KOAN’. However,I cannot log in‘ODINS’and‘OUMail’.

Count a total number of characters in your password.
Password length is within 32 characters or less.

I cannot log in SSO system after I changed my password.

Count a total number of characters in your password.
Our Password rule is:
Use a password that has at least 12 characters and 32 characters or less, use at least one number, one uppercase letter, one lowercase letter and one special symbol.
-If you set your password between 12 and 32 characters
You might have mistyped your password.
Check that your keyboard Caps Lock and Num Lock are off, and retype your password.

I get a message saying “Access error”, when I clicked the URL to confirmation sent to my email address.

Probably you have not closed all web browsers.Close all browsers including email. Then, try again.
Enter ID and previous password after you are directed to log-in page.
NOTE: Other Tips
Try a different browser.
Clear your browser cache. Refer to your browser help for instructions.

Upon first-login procedure, what e-mail address should I register in ‘User Information’?

For faculty and researchers:The default Osaka University ICHO email address(with "@osaka-u.ac.jp" domain) is registered, but it can be changed within the scope of "E-mail address naming guidelines".
However, providing an email is optional for some users.
For more information, click here
For office staff and students:
Your email address is automatically registered. You cannot change it.
For staff:Default email address(with "@office.osaka-u.ac.jp" domain) is registered,
For student:Default email address(with "@ecs.osaka-u.ac.jp" domain) is registered,
(Email address with "@ecs.osaka-u.ac.jp" domain is an address provided by OUMail service)

When is the switched content updated?

It is updated the day after you change.

The Osaka University Personal ID

How can I get the Osaka University Personal ID ?

Issuance of the Osaka University Personal ID is stipulated in the Usage Policies of the Campus-wide IT Authentication Platform Service. A Personal ID is issued to meet the conditions of these policies.
As faculty, staff, and students in Osaka University receive the notification of Personal ID from the Department of Information and Communications Technology Services through in-house mail service, They do not need to make application in advance. Please note that it may take some time to receive the notification at the beginning of an academic year due to the rush of delivering new notifications.
If you need your personal ID in a hurry, contact "Information and Communications Technology Services Planning Group, Information and Communications Technology Services Planning Division, Department of Information and Communications Technology Services" CONTACT.
Students who enrolled in Osaka University before the 2007-08 academic year can use their old Unified Account (user name) that they were informed of at the time of their admission as their Osaka University Personal ID.
Persons not fitting one of the above categories but who need the Osaka University Personal ID must make apply separately.
For application, please contact a General Affairs staff member of your organization.

I have forgotten my password and cannot login the system. What should I do?

Even administrators don't have the means to retrieve your password. You need to apply for password reissue. Even if your password is reissued, your personal ID will not change.
For the procedure for reissuing your password, please go password reissue
If you have completed your MFA registration, you can reset your password yourself using your ID and MFA authentication code in Microsoft Authenticator.
Password reset login: https://auth-rst.auth.osaka-u.ac.jp/AttributeRegistSite/RequestServlet

How do I change my password?

You can change your password in the following steps:
Access to portal site https://web.auth.osaka-u.ac.jp/portal/en/
Input Personal ID and Password on the login screen of the Campus-wide IT Authentication Platform Service in Osaka University
click on "Change of password, user attribute informations" in menu.
Then a screen to change your password, email address, and extension number will be displayed.
Students can change only their password. However, staff can change all items except for their email address(es); faculty, all items.

Is there a limit in the number of characters and usable characters as password rule ?

For password rules, see the Password Rules on Campus-wide IT Authentication Platform Service in Osaka University Password Policy
The number of characters in a password is set at least 12 characters and no more than 32 characters.
About valid password characters,please check password rule

What is a Role ID ?

Under the old Campus-wide IT Authentication Platform Service, multiple Personal IDs were issued to the same person belonging to several organizations and having several positions. Such users had to login to different systems using different the Osaka University Personal IDs, which was troublesome for them.
To solve this problem, under the current Campus-wide IT Authentication Platform Service, the Osaka University Personal ID used in an SSO login authentication process is limited to one per person. A new Personal ID system has been designed so that users with different attributes in job titles and positions can login to SSO federation systems in campus without using different IDs.
In the current Campus-wide IT Authentication Platform Service, users with multiple the Osaka University Personal IDs, the ID necessary for the SSO login authentication process has been unified to the Personal ID for which personal attributes such as name and date of birth are related. Other personal attributes such as organization and job title concern the Role ID. In this way, the two types of ID are related and used in systems.
The Personal ID and Role ID of users who have only one Personal ID are usually the same, but some persons have a Role ID different from their Personal ID. Users who had multiple personal IDs can see the "Role Selection" screen by clicking the link to List of Available Role IDs after SSO login authentication.
For more information, see "Guide for Users”
In addition to the SSO federation systems, users can login to the following systems through authentication using their Role ID.

Systems requiring Role ID to login:
Educational Computer System Cybermedia Center
For more information, see Systems login authentication using Role ID

Login

I cannot login. I get a message saying, “Authentication Error. You cannot login. Your Personal ID or password may be incorrect.”

There are two possible causes.
・You have entered an incorrect Personal ID or password.
ake sure that the Caps Lock and Num Lock keys on your keyboard are toggled properly (usually, Caps Lock should be off and Num Lock [Windows only] should be on.) Alphabets used in Personal ID must be lower-case characters.
In old system, upper-case and lower-case characters were mixed in Personal IDs for SSO login authentication, but the change has been made to contain only lower-case alphabet characters in a Personal ID.
Thus, if alphabet characters in the notification of your Personal ID are written in upper-case characters, please replace them with lower-case characters. For more information, please go https://web.auth.osaka-u.ac.jp/portal/en/personalid-input.html

・The password change has not been updated.
It may take some time to be updated on the system. Try again after from 5 to 10 minutes.

I cannot login. I get an error message saying, “Error Code - SASE0038 Message -- the session is not valid.”

This error message often appears because URL of the web site has been typed incorrectly. Make sure the address in the bookmark is correct and try again.
For example, the correct URL of My Handai is https://my.osaka-u.ac.jp/. However, if you register the URL of the login screen as a bookmark after the completion of even one login step, a subsidiary URL will be registered as the bookmark and use of that bookmark will result in an error.
Use the correct URL for the system you're going to use.

I cannot login. I get a message saying, “Access error or HTTP error.”

Under the Campus-wide IT Authentication Platform Service, cookies are used in order to manage the session from login to logout. So please check the following.
・Make sure that cookies are enabled in your web browser.
・Make sure Java Script is enabled in your web browser.
・If the error message appears when accessing the URL for registration of user information, close all web browsers before accessing.

I cannot login on Mac OS X and Safari. I get an error message saying, “An error occurred in SSL client authentication.”

This is a unique problem for SSL authentication (in Campus-wide IT Authentication Platform Service) using Safari.
In Safari, if a user's certificate is stored in a keychain, regardless whether the certificate can be used in the Campus-wide IT Authentication Platform Service or not, the certificate will be used. For that reason, if the user has a certificate issued outside of the Campus-wide IT Authentication Platform Service, the above error may happen.
To use the Campus-wide IT Authentication Platform Service, try one of the following.
・Use Firefox instead of Safari. (https://mozilla.jp/firefox/)
・Create a new account in Mac OS and use the terminal through the new account.
・Delete the user certificate stored in the keychain by following these steps.

How to delete the certificate
Please note that you will not be able to receive services using certificates if you delete them.
-From a Finder Window, open Applications, Utilities - Open Keychain Access
-Highlight the "login" keychain. Then select Certificates in the bottom menu (category). The user certificate will be displayed in the right side of the window.
-After copying the user certificate (for SSL authentication) somewhere, delete the certificate in keychain.
-Close Safari and try again.

What web browsers can be used for this system ?

We have verified that Campus-wide IT Authentication Platform Service is available in the following operating systems and web browsers.

OS\Web browser Edge89 Firefox86 Chrome 89 Safari 13 Safari 14
Windows 8.1 - -
Windows 10 - -
Mac OS Catalina - - -
Mac OS Big Sur - -

Campus-wide IT Authentication Platform Service in Osaka University

What campus systems can access with the Campus-Wide IT Authentication Platform Service?

As of July 2021, SSO federation systems in campus were as noted below:
Please note: to access some systems, you may need to complete application in advance. If you cannot use one of the SSO federation systems, please contact the administrator of that system.
My Handai
Work Management System
Travel Expenses System
Financial Accounting System
Student Administration System (KOAN)
CLE
Researchers Data System
Library Web Service
Career Support web
Employment Support System
Application for Permission for Animal Experiments
Graduate School of Science & School of Science web site (only available internally)
International Student Support System, Support Office web site
Osaka University Web Library
Photonics Center Portal
E Content Remote Access Service
Web-based Pre-registration and Questionnaire System for health examinations
IPRISM System
OSAKA University Portfolio System for Studying-abroad
Stress Check System
Research Center for Nuclear Physics (www)
The Enrollment and Tuition Fee Exemption Application System
Osaka University Goods Procurement System
Overseas Travel Resistration System
Information for technical support staff (only available internally)
Ground and Tennis Court Reservation System for School/Graduate School of Engineering
Conference Room & Lecture Room Reservation Management System for Graduate School of Engineering
Webpage of the Center for the Study of Higher Education and Global Admissions
Instruments reservation & contract service reception system
Repository Deposit System

In addition to SSO federation systems, users can use by login authentication the following systems using their Role ID.
Systems requiring your Role ID to login:
Educational Computer System Cybermedia Center
For more information, see https://web.auth.osaka-u.ac.jp/portal/en/guide_3-2.html

Regarding questions other than the above, where should I direct questions ?

Please contact https://web.auth.osaka-u.ac.jp/portal/en/contact.html