FAQ about MFA
Which Services and Systems are Prioritized for MFA and Why?
As a Swedish authority, Uppsala University must follow laws and guidelines from e.g. the Swedish Civil Contingencies Agency (MSB). Therefore, the work to implement MFA follows a plan that prioritizes the systems and services where information and interaction are not intended for public accessibility.
In practice, this means that MFA is required for services where the material that is stored and handled needs to be protected for legal reasons, or where information needs to be locked down to maintain a secure IT environment.
The university's investment is in line with how all Swedish institutions and other authorities are now working to establish new ways to secure their IT environment against attacks and intrusions.
Examples of systems and services that will be given high priority in this context are the university's authorization management system (AppAcc), management of IT cases (UU Wiki and JIRA), as well as the university's common VPN service.
Services where MFA is already activated for security reasons are:
- AKKA Admin – Administration of the university's common catalog and authorization system.
- The IA System for Investigators – Management of work environment-related incidents.
- NAIS – National Administration and Information System for Coordinators of Students with Permanent Disabilities.
- Collaborative spaces in SharePoint Online – Share and collaborate on files within and outside the University.
- Sesam – Administration of Rights of Way.
- Vesta – Secure Storage and Processing of Research Data.
Where Can I Learn More?
Multi-factor authentication, which is now being introduced at the university, can be perceived as unnecessary and complicated. But it is a necessary step to increase IT and cyber security at the university. Start by reading the article on why multi-factor authentication is important for our university's IT security to familiarize yourself with what is happening and why.
The next step is to enable MFA for your user account, read more about that below.
How Can I Prepare?
Enable MFA for your user account right now - follow the guides on the staff gateway and don't hesitate to ask IT support (or a colleague) if you have any problems.
Why Different Methods for Logging into Collaborative Space and My User Account?
It is only for technical reasons that everyone needs to create a special login for the collaborative spaces in Sharepoint. In the university's large range of digital systems and services, there are many connections that make it complicated to make all solutions work exactly the same. In terms of security, there is no difference at all. Once your multi-factor authentication is up and running, it works similarly on all systems.
We recommend using the Microsoft Authenticator app for all your MFA needs. It gives you notifications and you'll only have to open one app every time you need to confirm your identity.
How Often Do I Need to Verify My Identity?
MFA via Joint Web Login is valid for 8 hours – during that period you won't need to log in again when switching services, as long as the system you're switching to doesn't have higher requirements and wants you to verify your user identity again.
MFA for collaborative spaces in SharePoint Online (and related services in M365) employes a method based on how your account is used to analyze and predict invalid access. This means that you may need to log in more often if you change computers or connections, but less often if you follow a similar login pattern every day.
I don't have a mobile phone for work and cannot install the app – what do I do?
If you do not have a mobile phone from your empoyer, it is recommended that you use your private mobile phone to activate MFA and log in to the university's services and systems. However, the phone should be password protected (with a code, fingerprint reader or face recognition) to achieve the right form of multi-factor.
If no mobile phone is available at all, a solution is offered for activating MFA using your web browser - read more under "Log in securely".
I don't have my own computer / I share my work computer with others – what do I do?
Here too it is recommended that you use your private mobile phone to activate MFA and log in to the university's services and systems. If neither a mobile phone nor a computer is accessible, ID devices will eventually be offered to employees and situations where the requirement for MFA cannot be satisfied in any other way. More information will follow when available.
What are the technical barriers to MFA and how are they being addressed?
Technical limitations exist in some legacy systems, while upgraded cross-system authentication solutions affect other releases of MFA. In some cases, the university is also dependent on external suppliers being able to make adjustments to their services in order for our MFA solution to function correctly.
What other barriers are there to MFA and how are they being addressed?
Mainly, the introduction of new IT solutions is a matter of working methods and IT culture – all employees and students at Uppsala University will eventually need accept that the future involves engagement in these issues. The Division for University IT Services (UIT) are working together with the Security Division and the Communications Division and will continue to inform and offer support when and where it is needed.
Another factor is the constantly developing technology – which can make it easier for users but also demands that the university as an organization is flexible in the face of changes – especially if we are to maintain a high level of security for our ever expanding digital environment.
How do I get MFA on my local service/system?
The university's MFA solution is connected to the "Joint Web Login" service (SSO via SAML 2.0). To activate MFA for your system or service, you first need to connect your solution with Joint Web Login.
Contact itsupport@uu.se for more information.
Do I have to activate MFA for my local service/system?
If you absolutely want to avoid activating MFA for your own service or system, you first need to make sure that the information in the system is classified to be accessible without a secure login. In the long run, however, the expectation is that all systems at the university will meet standard security requirements.
When will the "introduction" of MFA be complete? When will everyone be required to use MFA to work at the university?
No end date has been set for the introduction of MFA, but the university's goal is to connect as many affected services as possible to a more secure login method during 2024. In the long run, MFA and other security solutions should be a natural part of everyday life for all employees.