Skip to main content

System Status: 

  1. Home
  2. Technology
  3. Security
  4. Secure Connect
  5. Multi-Factor Authentication (Duo Two-Step Login)

Multi-Factor Authentication (Duo Two-Step Login)

Last Updated: February 6, 2025 8:29:12 AM PST
Give feedback

As part of UC San Diego's plan to meet the UC systemwide cybersecurity investment initiative, multi-factor authentication (MFA), provided by Duo two-step login, will be required on all campus email systems. Core Campus email systems have been secured by Duo for several years. Security teams will now apply Duo to any remaining systems and accounts.

MFA for Role Accounts

Recognizing the varied use cases for these accounts, we’ve outlined specific guidance for each scenario in the knowledgebase article Support IT's Guide to Multi Factor Authentication: Role Accounts. You can also find a recorded Q&A session on this topic in the Role Accounts drawer below.

What is Multi-Factor Authentication (MFA) and where will it be required?

Multi-factor authentication, or MFA, is a multi-step account login process that requires users to enter more information than just a password. MFA helps to protect institutional data and systems from unauthorized access, strengthens our institution's security posture while aligning with industry best practices and ensures compliance with Secure Connect Program objectives. UC San Diego utilizes Duo two-step login for its MFA provider. Learn more about Duo two-step login.

MFA will be required on 100% of campus email systems:

  • Faculty, Staff & Active Student email accounts
  • Retiree & Alumni email accounts
  • Role accounts

Learn more about how MFA will be implemented in campus email systems in the drawers below.

Expand All

As of January 30, 2019, MFA became required for faculty, staff, active students and UC San Diego Health personnel use of the following systems: campus VPN connections and single sign-on. If you're currently using Duo on your email systems, no change will be required.

As of November 18, 2024, MFA became required for Alumni and Retiree email accounts. Users not registered with Duo will be required to do so in order to continue access to their accounts. Once registered, users will be prompted to use Duo for future logins, adding an extra layer of security to their accounts.

We are entering the next phase of the MFA (Duo two-step login) rollout, which now extends to role accounts. This includes both accounts identified as role accounts in MailUPD (Affiliation: A) and ad hoc accounts created in Active Directory. Starting on February 25, 2025, MFA will be enforced for all logins associated with these accounts.

Recognizing the varied use cases for these accounts, we’ve outlined specific guidance for each scenario in the knowledgebase article Support IT's Guide to Multi Factor Authentication: Role Accounts.

Below you'll find a recording of a presentation and Q&A session about MFA (Duo two-step login) enforcement for Role Accounts. IT Services representatives Leo Munduruca and Erik Strahm were on hand to provide clarification and address any remaining concerns.

Expand All