ITS Identity and Access Management

Quick Links

Logging In: Accounts & Passwords

Your uniqname and UMICH (Level-1) password are your key to logging in to U-M systems and services.

One Login Name, One Password

You use your uniqname and UMICH (Level-1) password to log in to many services hosted by ITS, provided by U-M departments, and contracted for by the university. A number of accounts and login methods are used behind the scenes to help you get in and get access, but they are tied together by your uniqname and UMICH password.

MCommunity serves as a hub to synchronize your UMICH password across U-M systems and to create the accounts you need for full access.

Friend accounts are available for those who need minimal access and do not need a uniqname. Friend account holders log in to the U-M computing environment using their email address instead of a uniqname.

Two-Factor Authentication

Two-factor authentication is used for access to certain systems containing sensitive university data, such as Human Resources and Student Administration systems. Two-factor authentication requires two proofs of identity when you log in:

U-M uses Duo Two-Factor for most systems that require two-factor authentication.

As of July 20, 2016, a small number of systems still use MTokens for two-factor authentication. MTokens will be eliminated by the end of 2016.

Federated Identity Management (Shibboleth)

U-M has a long-term strategy of providing access to cloud computing services through strategic partnerships with cloud vendors. With federated identity management, institutions join together in groups—called federations—and agree to trust each other's identity credentials.

U-M is a member of the InCommon Federation, which uses Shibboleth software to enable login across federation-member websites. ITS can help U-M departments and units set up Shibboleth access to U-M and vendor services.

Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account. Members of the U-M community can log in to services such as U-M Google and U-M Box using their uniqname and UMICH password because Shibboleth software passes on assurance of their identity and authorization to Google and Box during the login process.

For more, see Shibboleth at U-M.