Frequently Asked Questions (FAQ)
The CloudIDP is a central solution at Volkswagen that enables users to log in to their applications. You can use your regular web password (not your Windows password!), your PKI card or the Virtual Smart Card.
If you want to access a secure application, you will be prompted to use a TOTP (one-time) token after entering your password. In this case, use the 6-digit PIN in your Authenticator App labeled "VW WebServices (KUMS) - MFA-Only" or "CloudIDP (kums-mfa)". If you haven't registered a TOTP secret yet, you will be prompted to do so. Please note that an active email address is needed for registration.
If you know your current password, you can change it at any time at https://passwordchange.volkswagen.de (or https://passwordchange-qs.volkswagen.de for CloudIDP-QA).
Password Self Service (PWSS)
If you don't know your password, you can access https://pwss.vwgroup.com (or https://pwss-qs.vwgroup.com for CloudIDP-QA) with your PKI card to get a new password. You can do this on another person's computer if you log in on the page with your own PKI card.
In PWSS you have to access "My Accounts". Then you have to choose the system you want a new password for. In this case this is "W-TAMU, ... (Portal Applications and other Webservices)". Then click on "Request and display new password".
Enterprise Helpdesk (EHDD)
Alternatively, anyone can contact the Enterprise Helpdesk (EHDD) to request a new initial password.
You can manage the PIN of your PKI ID card with the software "Nexus Personal". This is already installed on your PC if it is a PC managed by Volkswagen. For Macs that are managed by Volkswagen, there is an option to select "PIN" in the "Personal" app and then change it under "PIN Management".
For more information and a more detailed explanation, contact the Enterprise Helpdesk (EHDD) or use the following page in Volkswagen Net: Volkswagen PKI Card (English)
TOTP stands for "Time-based One Time Password" and is a method to generate a One-Time-Password in an Authenticator App (such as Google Authenticator or Microsoft Authenticator) for use as a second factor in an authentication process.
If you want to access a secure application, you will be prompted to use a TOTP (one-time) token after entering your password. In this case, use the 6-digit PIN in your Authenticator App labeled "CloudIDP (kums-mfa)" (or, formerly, "VW WebServices (KUMS) - MFA-Only"). If you haven't registered a TOTP secret yet, you will be prompted to do so. Please note that an active email address registered with your Volkswagen account is needed for registration.
The token from Group Secure Login cannot be used directly with CloudIDP! To use it, please choose "Group Secure Login" among the Alternative Logins.
If you own a PKI-Card or a SecurID Token, you can manage and reset your TOTP here.
If you don't own a PKI-Card, find a colleague who owns one and who belongs to your subdepartment or the department directly above.
Ask him to visit the MFA-Selfservice (or MFA-Selfservice QA). There he can reset your TOTP for you.
If you don't have any colleague to help you out, please contact the CloudIDP-Support.
With the help of an authentication method, you can identify yourself to a website and thus confirm your identity. Which authentication method is required depends on the security level of the website.
Authentication methods supported by CloudIDP
Authentication Method | Example | Explanation |
---|---|---|
User ID (Group ID) + Password | User Name: vwk43xs Password: ?????????? | Your User ID consists of a seven-digit combination of letters and numbers. Your password is a combination of numbers, letters and special characters. Example: Logging on to your office computer. |
PKI | Factory ID card or Virtual Smart Card, PIN: 1234 | With this method, your identity is confirmed via a digital certificate. The PIN is required by the operating system to pass the certificate to the website. The best-known application example is access via the factory ID card. |
TOTP | User Name: vwk43xs, Password: ??????????, One Time Token: 427 913 | The One Time Token is generated by an app such as the Microsoft or Google Authenticator and is valid for only 30 seconds before a new one is created. The best-known application example: Access to payroll via the 360° Volkswagen app. Notice: Only CloudIDP tokens can be used. Tokens from the "Group Secure Login" are not valid at the CloudIDP! |
RSA SecurID | User Name: vwk43xs Pin + Token: 123456027584 | With RSA SecurID, a small device generates a continuously changing six-digit code. Together with a PIN chosen by the user, it is used as a credential for authentication. This authentication method is similar to TOTP, but has improved security because of the separate hardware. It is often used by external partner employees. |
GSL Federation | N/A | Authentication with the CloudIDP can also be done via the Group IDP (Group Secure Login). When doing so the Group IDP checks the authentication (with any method it supports), but in the end the CloudIDP issues the access token. |
Authentication methods NOT supported by CloudIDP
Authentication Method | Example | Explanation |
---|---|---|
Windows Login | Username: DEVWAG00\VWK43XS Password: ????????? | A Windows Domain / Active Directory login is currently not possible at the CloudIDP. |
Microsoft O365 | Username: max.muster@volkswagen.de Password: ????????? | Signing in via a Microsoft Office365 account is currently not possible at the CloudIDP. |
Your User ID is your 7-digit alphanumerical username that you also use for the Windows Login, at the Volkswagen Portal or Stibam. Example: abc12de. Your email address is not valid for the CloudIDP login page.
Both are central applications for authenticating to web applications at Volkswagen. Authentication with username, password or PKI card is the same for both systems and uses the same password. When a TOTP token is used as a second factor, the two services use different secrets, which means the tokens cannot be used interchangeably. Initial registration is offered on demand at first login to the CloudIDP. If the token is configured in your Authenticator app, the CloudIDP token has the label "CloudIDP (kums-mfa)" and GSL has the label "VW Group SecureLogin". SecurID tokens can only be used with Group Secure Login at this time.
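Why a token from one service is rejected by the other can be shown with a short TOTP calculation. This is an added example, not code from CloudIDP or Group Secure Login; it assumes the RFC 6238 defaults (HMAC-SHA-1) together with the 6 digits and 30 seconds stated on this page, and both secrets are constructed demo values.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # token lifetime stated on this page
DIGITS = 6         # token length stated on this page

# Constructed demo secrets (Base32), one per service; not real enrolment data.
SECRETS = {
    "CloudIDP (kums-mfa)": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",  # RFC 6238 test key
    "VW Group SecureLogin": "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP",
}


def totp(secret_b32: str, unix_time: int) -> str:
    """Derive the token for the 30-second step that contains unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(service: str, code: str, unix_time: int) -> bool:
    """Check a token against the secret enrolled for one service.

    Only the current step is accepted; clock-drift tolerance is not modelled.
    """
    expected = totp(SECRETS[service], unix_time)
    # Apps display tokens grouped as "427 913"; drop the space first.
    return hmac.compare_digest(expected, code.replace(" ", ""))


def demo(unix_time: int = 59) -> dict:
    cloud = "CloudIDP (kums-mfa)"
    cloud_code = totp(SECRETS[cloud], unix_time)
    gsl_code = totp(SECRETS["VW Group SecureLogin"], unix_time)
    return {
        "cloudidp_token_at_cloudidp": verify(cloud, cloud_code, unix_time),
        "gsl_token_at_cloudidp": verify(cloud, gsl_code, unix_time),
        "cloudidp_token_one_step_later": verify(cloud, cloud_code, unix_time + STEP_SECONDS),
    }


if __name__ == "__main__":
    print(demo())
```

Because the server derives the expected value from the secret enrolled for that service only, a token read from the other entry in the Authenticator app fails even though the user name and password are identical.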
No, you cannot currently use your Windows password to log in with CloudIDP.
Please use your web password that you also use at Volkswagen Portal or Stibam, for example.
No, you don't. If you have a Volkswagen User ID you can use the CloudIDP. If an authorization for a connected application is missing please contact EHDD.
We are happy to help you.
Employees who could not find further information about their questions should contact the Enterprise Helpdesk (EHDD) of their respective company:
Company | Phone | Email |
---|---|---|
Volkswagen | +49 5361 9 33000 | ehdd@volkswagen.de |
AUDI | +49 841 89 36565 | 36565@audi.de |
MAN | +49 89 1580 7888 | ehd@man.eu |
Porsche | +49 711 911 20000 | servicedesk_20000@porsche.de |
FSAG | +49 531 212 2919 | vwfsbseh@vwfs.com |