Your uniqname and UMICH (Level-1) password are your key to logging in to U-M systems and services.
You use your uniqname and UMICH (Level-1) password to log in to many services hosted by ITS, provided by U-M departments, and contracted for by the university. A number of accounts and login methods are used behind the scenes to help you get in and get access, but they are tied together by your uniqname and UMICH password.
MCommunity serves as a hub to synchronize your UMICH password across U-M systems and to create the accounts you need for full access.
UMICH Password Hub. Your UMICH password is stored centrally in MCommunity and synchronized to other systems—including M+Google and Active Directory—to minimize the number of passwords you have to remember.
Active Directory Accounts. MCommunity creates these accounts when people join the U-M community so they can get access to U-M services that use Microsoft Active Directory software for login.
Weblogin/Cosign. When you log in to U-M services from the web via the Weblogin page, you are using Cosign. This lets you log in once and get access to all U-M services that use this login method.
Friend accounts are available for those who need minimal access and do not need a uniqname. Friend account holders log in to the U-M computing environment using their email address instead of a uniqname.
Two-factor authentication is used for access to certain systems containing sensitive university data, such as Human Resources and Student Administration systems. Two-factor authentication requires two proofs of identity when you log in:
Something you know (such as your UMICH password)
Something you have (such as an MToken, either a physical device or an app on your smartphone)
MToken and Two Factor Authentication at U-M. MTokens—both hardware and software—are currently used for access to some administrative and other systems. (U-M IT system administrators who want to implement use of MTokens with a service, can refer to Configuring Multifactor Authentication at U-M.)
New Two-Factor Options to Replace MTokens. Watch for a new two-factor solution in summer 2016.
U-M has a long-term strategy of providing access to cloud computing services through strategic partnerships with cloud vendors. With federated identity management, institutions join together in groups—called federations—and agree to trust each other's identity credentials.
U-M is a member of the InCommon Federation, which uses Shibboleth software to enable login across federation-member websites. ITS can help U-M departments and units set up Shibboleth access to U-M and vendor services.
Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account. Members of the U-M community can log in to services such as M+Google and M+Box using their uniqname and UMICH password because Shibboleth software passes on assurance of their identity and authorization to Google and Box during the login process.
For more, see Shibboleth at U-M.