Multi-Factor Authentication Pilot Rolls Out to Select Users

The use of multi-factor authentication (MFA) to log in to applications has been shown to be one of the most effective controls against account compromise. As a result, MFA has become the standard across industry sectors, including higher education, and specifically with our peer Universities across Canada.

As a continuation of our efforts to safeguard sensitive information and data within the University of Alberta community, the AVP Chief Information Officer and I, with the Provost and Vice-President (Academic) and VP University Services & Finance, have prioritized use of MFA within the University.

Based on this direction MFA will be implemented in key applications as a pilot for select employees starting March 11, 2021. If you have not received an email asking you to enrol in MFA, you are not currently part of the pilot group.

We will be expanding enrolment in MFA once the pilot has completed. More information on additional enrolment will be distributed through email.

Gordie Mah
Chief Information Security Officer

FAQs

What is multi-factor authentication?

Multi-factor authentication (MFA) is the process of confirming a person’s identity using multiple factors to verify who they are when accessing systems. Typical factors for MFA include: something you know (like a username and password), something you have (like a passcode sent to your smartphone), and something you are (like a fingerprint scan). MFA requires at least two of the three factors. In the University’s deployment, after entering the CCID username and password, MFA is a second layer of security (or second factor) used to log into a service.

How is the University of Alberta implementing the multi-factor authentication pilot?

Multi-factor authentication is currently being rolled out as a pilot to a select group of users at the University of Alberta. If you have not received an email asking you to enrol in MFA, you are not currently part of the pilot group.

I didn’t receive an email. Can I use multi-factor authentication?

As this is a pilot we are only enrolling a small group of users in multi-factor authentication at this time. We will be expanding enrolment in MFA once the pilot has completed. More information on additional enrolment will be distributed through email.

Why is multi-factor authentication being introduced?

As a member of the University community, you are entrusted to manage University information which includes the personal, financial and academic information of students, faculty and staff. If your account is compromised this sensitive information and data is at risk. Using multi-factor authentication to log in to applications has been shown to be one of the most effective controls against account compromise and as a result we are prioritizing use of MFA at the University of Alberta.

What applications will multi-factor authentication apply to?

Users who have been asked to enrol as part of the pilot group will use MFA to log into PeopleSoft (Campus Solutions, Finance and HCM) and the MyCCID web page. Additionally, IT staff and CCID Authorized Approvers will use MFA when accessing the IAM (Identity and Access Management) system. Other applications will be added in the future. If you are part of the pilot group and have specific questions about which applications MFA applies to, please contact ist@ualberta.ca.

Do I have to enrol in multi-factor authentication? (Is this mandatory?)
MFA is mandatory for certain applications and certain users. Once the pilot has completed, we will be expanding MFA enrolment to more applications and users. Those asked to enrol in MFA have the option to enrol using their University smartphone (if applicable) or they can use their own smartphone.