ITS Identity and Access Management

Quick Links

Logging In: Accounts & Passwords

Your uniqname and UMICH (Level-1) password are your key to logging in to U-M systems and services.

One Login Name, One Password

You use your uniqname and UMICH (Level-1) password to log in to many services hosted by ITS, provided by U-M departments, and contracted for by the university. A number of accounts and login methods are used behind the scenes to help you get in and get access, but they are tied together by your uniqname and UMICH password.

MCommunity serves as a hub to synchronize your UMICH password across U-M systems and to create the accounts you need for full access.

Friend accounts are available for those who need minimal access and do not need a uniqname. Friend account holders log in to the U-M computing environment using their email address instead of a uniqname.

Two-Factor Authentication

Two-factor authentication is used for access to certain systems containing sensitive university data, such as Human Resources and Student Administration systems. Two-factor authentication requires two proofs of identity when you log in:

MToken and Two Factor Authentication at U-M. MTokens—both hardware and software—are currently used for access to some administrative and other systems. (U-M IT system administrators who want to implement use of MTokens with a service, can refer to Configuring Multifactor Authentication at U-M.)

New Two-Factor Options to Replace MTokens. Watch for a new two-factor solution in summer 2016.

Federated Identity Management (Shibboleth)

U-M has a long-term strategy of providing access to cloud computing services through strategic partnerships with cloud vendors. With federated identity management, institutions join together in groups—called federations—and agree to trust each other's identity credentials.

U-M is a member of the InCommon Federation, which uses Shibboleth software to enable login across federation-member websites. ITS can help U-M departments and units set up Shibboleth access to U-M and vendor services.

Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account. Members of the U-M community can log in to services such as M+Google and M+Box using their uniqname and UMICH password because Shibboleth software passes on assurance of their identity and authorization to Google and Box during the login process.

For more, see Shibboleth at U-M.