ITS Identity and Access Management

Quick Links

Logging In: Accounts & Passwords

Your uniqname and UMICH password are your key to logging in to U-M systems and services. A number of accounts and login methods are used behind the scenes to help you get in and get access, but they are tied together by your uniqname and UMICH password.

One Login Name, One Password

Your uniqname and UMICH password are your key to online U-M systems and services whether those services are hosted at U-M by ITS, provided by U-M departments, or are cloud services contracted for by the university—and whether you access them from a desktop machine, laptop, or mobile device. It is our goal to make connecting to all these services as easy as if they were all using one account and one technology for logging in, even though they aren't.

MCommunity serves as a hub to synchronize your UMICH password across U-M systems and to create the accounts you need for full access. If you work in information technology, or just find this really interesting, here's more detail:

Friend accounts are available for those who do not need a uniqname but need minimal access. These accounts allow people to log in to the U-M computing environment using their email address instead of a uniqname. Providers of U-M computing services can then authorize Friend account holders to use certain services as appropriate. Friend accounts are used, for example, by parents and guardians to log in so they can pay student tuition.

Federated Identity Management (Shibboleth)

U-M has a long-term strategy of providing access to cloud computing services through strategic partnerships with cloud vendors. With federated identity management, institutions join together in groups—called federations—and agree to trust each other's identity credentials.

U-M is a member of the InCommon Federation, which uses Shibboleth software to enable login across federation-member websites. ITS can help U-M departments and units set up Shibboleth access to U-M and vendor services.

Shibboleth allows people to log in to web resources at other institutions using the ID and password they use at their own institution. It's kind of like when banks allow you to use your ATM card at the ATM of a bank where you don't have an account. Members of the U-M community can log in to services such as M+Google and M+Box using their uniqname and UMICH password because Shibboleth software passes on assurance of their identity and authorization to Google and Box during the login process.

For more, see Shibboleth at U-M.

M-Token (Two-Factor Authentication)

For access to certain systems containing sensitive university data, such as Human Resources and Student Administration systems, users are asked for additional proof of their identity for increased security. Two-factor authentication requires users to provide two proofs of their identity—something they know (their UMICH password) and something they have (a physical device called an MToken)—when logging in to a system. The MToken displays a one-time tokencode—a six-digit number that changes every 60 seconds.

For more, see MToken and Two Factor Authentication at U-M.

U-M IT staff who want to implement use of MTokens with a service, see Configuring Multifactor Authentication at U-M.