Multifactor authentication: Training schedule and FAQs
As we announced in the Nov. 14 issue of Link, we’ll be rolling out multifactor authentication (MFA) at UCOP beginning this January. IT Services is currently working with UCOP departments one-by-one to discuss their transition to MFA.
By March 31, it will be applied to most services utilizing UCOP’s single sign-on log-in screen, including UCPath, Service Now, UC Learning, Automated Job Scheduler (AJS), TRS, Box, Effort Reporting System (ERS), Enterprise Risk Management (ERM), Express Travel, Tableau, Zoom, Conferencing, Halogen and Outlook Web Access (OWA).
The training sessions will walk users through the MFA set-up process, explain how to use the Duo authentication application, and address specific user questions. Some common FAQs are also answered below.
FAQs about MFA
Q: What is multifactor authentication (MFA)?
A: MFA is an additional layer of protection for UCOP computer services and applications. MFA ensures that you’re the only person who can access your account, even if someone else knows your password. When attempting to access an application or service protected with MFA, you will be asked to confirm your identity using the Duo app on your smartphone or a Duo token (fob). Once confirmed, your access is granted.
Q: How does MFA with Duo work?
A: Users will log in to services as they currently do using single sign-on with their UCOP credentials (username and password). They will then be presented with a screen from Duo that gives a choice to send the request for authentication to either the user’s smartphone or to their UCOP-issued Duo token/fob, whichever the user prefers. Once the request has been approved, the user will be able to log in to the desired service.
Q: Will we need to use it with both our work and personal phones/devices when we are accessing UC accounts?
A: Users who have been assigned UCOP-issued smartphones will be expected to download the Duo mobile application to them, and to use these smartphones as their secondary authentication device. Users who own their own smartphones will have the option to download the Duo mobile application and use their phones for secondary authentication, or they can request that a Duo token/fob be issued to them.
Q: Will we need to use MFA every time we log in to a UC site or is it just a random/occasional thing?
A: Users will be required to use MFA whenever accessing a service which requires signing on with UCOP credentials. Once logged in, the session will be effective for 10 hours before MFA is required again. However, each time a new service is accessed, a new MFA prompt will appear.
Q: How will we get our “Duo”?
A: The MFA project will enroll users department-by-department. Staff who will be using their smartphones for secondary authentication will receive email instructions from Duo. Users desiring to use tokens/fobs for secondary authentication will have them registered and distributed by the project on a department-by-department basis.
For more information, please visit UCOP’s MFA website or call the MFA Project Manager Bill Doucet at 510-987-0427.