Multi-Factor Authentication Expands To All Faculty and Staff

The use of multi-factor authentication (MFA) to log in to applications has been shown to be one of the most effective controls against account compromise. As a result, MFA has become the standard across industry sectors, including higher education, and specifically with our peer universities across Canada.

As a continuation of our efforts to safeguard sensitive information and data within the University of Alberta community, the AVP Chief Information Officer and I, with the Provost and Vice-President (Academic) and VP University Services & Finance, have prioritized use of MFA within the university.

The best MFA experience is through a smartphone authenticator app. For our MFA system, the university selected the Duo Mobile MFA authenticator app, a safe and secure app with only one purpose: to interface with the university’s CCID authentication system, allowing a user to approve a notification on their device.

After the successful implementation of our MFA pilot program, MFA is expanding to all University of Alberta faculty and staff in a phased rollout that started on December 2, 2022. Stay tuned to your inbox for instructions on how to set up MFA.

We’re looking forward to this added layer of protection for the university, which will only keep our accounts and data that much safer.

Gordie Mah
Chief Information Security Officer

FAQs

What is multi-factor authentication?

Multi-factor authentication (MFA) is the process of confirming a person’s identity using multiple factors to verify who they are when accessing systems. Typical factors for MFA include: something you know (like a username and password), something you have (like a passcode sent to your smartphone), and something you are (like a fingerprint scan). MFA requires at least two of the three factors. In the University’s deployment, after entering the CCID username and password, MFA is a second layer of security (or second factor) used to log into a service.

Who will be required to use MFA?

All faculty and staff will be required to use MFA.

I didn’t receive an email. Can I use MFA?

MFA is rolling out in stages. If you are a faculty or staff member, you will receive an MFA set-up email at the proper stage. You cannot enrol in MFA before your email arrives.

Why has MFA been introduced?

As a member of the university community, you are entrusted to manage university information, which includes the personal, financial and academic information of students, faculty and staff. If your account is compromised, this sensitive information and data is at risk. Using MFA to log into applications has been shown to be one of the most effective controls against account compromise.

What applications will MFA apply to?

MFA will be required to log into university applications and systems that use the CCID for authentication. Some examples include PeopleSoft (Campus Solutions, Finance and HCM), eClass, IAM (Identity and Access Management) system, VPN, and UAlberta Google.

Do I have to enrol in MFA? Is this mandatory?

MFA is mandatory on university applications and systems that use the CCID for authentication for all faculty and staff. Those asked to enrol in MFA have the option to enrol using their university or personal smartphone or with a fob device, available upon request. Use of the Duo Mobile MFA app for authentication is highly recommended.

I am unable to install the Duo Mobile MFA app on a university or personal smartphone. How do I get a fob?

There will be a link to a request form in your enrolment email. You must provide that link to your Faculty General Manager or director-level supervisor, who fills out the form. After your Faculty General Manager or director-level supervisor has filled out the form, you can pick up a fob from the textbook information desk on the lower level of the U of A Bookstore at North Campus. There will be other pick-up locations for other campuses when MFA is rolled out to faculty and staff at these locations.

Note: your fob may not be activated for up to two business days after you’ve picked it up. If you need to use a fob, please ensure you fill out the form and pick up your fob early within your 30-day enrolment window, so that you are not left unable to access the U of A applications you need.

Are there any privacy or security risks to my smartphone?

There are no privacy or security risks to your smartphone. It is not possible for the Duo Mobile MFA app to access or affect your device or data in any way, other than providing an access prompt notification when you try to log in to U of A applications. There is no location tracking or any other type of tracking or data collection and no risk to any device from the Duo Mobile MFA app. It has only one purpose: to interface with the university’s CCID authentication system and provide an access prompt to your device.

Where can I find more information about Duo Mobile MFA?

For more information about the Duo Mobile MFA application, please read the Duo Mobile MFA FAQ.

I have a question. Where can I ask it?

If you have any questions about the MFA rollout, please submit them via the IST Service Portal inquiry form.

Updated January 27, 2023