Your uniqname and UMICH password are your key to logging in to U-M systems and services. A number of accounts and login methods are used behind the scenes to help you get in and get access, but they are tied together by your uniqname and UMICH password.
Your uniqname and UMICH password are your key to online U-M systems and services whether those services are hosted at U-M by ITS, provided by U-M departments, or are cloud services contracted for by the university—and whether you access them from a desktop machine, laptop, or mobile device. It is our goal to make connecting to all these services as easy as if they were all using one account and one technology for logging in, even though they aren't.
MCommunity serves as a hub to synchronize your UMICH password across U-M systems and to create the accounts you need for full access. If you work in information technology, or just find this really interesting, here's more detail:
UMICH Password Hub. Your UMICH password is stored centrally in MCommunity and synchronized to other systems—including M+Google and Active Directory—to minimize the number of passwords you have to remember.
Active Directory Accounts. MCommunity creates these accounts when people join the U-M community so they can get access to U-M services that use Microsoft Active Directory software for login.
Weblogin/Cosign. When you log in to U-M services from the web via the Weblogin page, you are using Cosign. This lets you log in once and get access to all U-M services that use this login method.
Friend accounts are available for those who do not need a uniqname but need minimal access. These accounts allow people to log in to the U-M computing environment using their email address instead of a uniqname. Providers of U-M computing services can then authorize Friend account holders to use certain services as appropriate. Friend accounts are used, for example, by parents and guardians to log in so they can pay student tuition.
U-M has a long-term strategy of providing access to cloud computing services through strategic partnerships with cloud vendors. With federated identity management, institutions join together in groups—called federations—and agree to trust each other's identity credentials.
U-M is a member of the InCommon Federation, which uses Shibboleth software to enable login across federation-member websites. ITS can help U-M departments and units set up Shibboleth access to U-M and vendor services.
Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account. Members of the U-M community can log in to services such as M+Google and M+Box using their uniqname and UMICH password because Shibboleth software passes on assurance of their identity and authorization to Google and Box during the login process.
For more, see Shibboleth at U-M.
For access to certain systems containing sensitive university data, such as Human Resources and Student Administration systems, users are asked for additional proof of their identity for increased security. Two-factor authentication requires users to provide two proofs of their identity—something they know (their UMICH password) and something they have (a physical device called an MToken)—when logging in to a system. The MToken displays a one-time tokencode—a six-digit number that changes every 60 seconds.
For more, see MToken and Two Factor Authentication at U-M.
U-M IT staff who want to implement use of MTokens with a service, see Configuring Multifactor Authentication at U-M.