Skip to Main Content

Multi-factor Authentication (MFA)

What is Multi-factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is a security enhancement that requires two forms of verification when using your UCLA Logon and provides critical protection for your sign-on credentials. If one factor is compromised, such as a password, an attacker would still need the other factor, such as a smartphone, to gain access to the system.

This reduces the risk of unauthorized users accessing user information or UCLA resources. MFA has been deployed for UCLA systems in response to the increasing scope and sophistication of cyberattacks targeting our community.

UCLA has partnered with DUO to provide MFA capabilities. You can find out more about DUO on their website.

Who needs to activate Multi-factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is mandatory for all faculty, students and staff or anyone accessing UCLA systems protected by Single Sign-On (SSO). Access to UCLA Gmail accounts also requires MFA to be activated.

What systems require Multi-factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is required when accessing web applications and services that use UCLA Single Sign-On (SSO). 

What happens if I do not activate Multi-factor Authentication (MFA)?

Students, faculty, and staff members who do not activate MFA will not be able to access UCLA systems that require Single Sign-On using your UCLA Logon ID until you have activated MFA. Access to UCLA Gmail account will be restricted until MFA is activated.

Multi-factor Authentication (MFA) Service

Multi-factor Authentication (MFA) Methods

 Duo can provide secure, second factor authentication via:

If you are a faculty or staff member and you are unable to use Duo Mobile App for Multi factor authentication, please review the FAQs document for instructions.

Pricing

This service is provided at no cost to campus

MFA is a requirement for UCLA Logon and provided by the Duo service at no cost to UCLA students, faculty, and staff when utilizing the Duo Mobile App.

Local Duo implementations can also be provisioned to individual campus units at no additional cost. 

Benefits of MFA

  • Protection for your UCLA Logon ID
  • Secure, second factor authentication to help prevent unauthorized access
  • Variety of supported devices for second factor authentication challenge
  • Customizable within each department
  • Training and guidance available through the IT Security Office
  • Provided free of charge to all areas

Eligibility

MFA for UCLA SSO is managed and maintained by UCLA IT Services. Local implementations can be requested by emailing security@ucla.edu.

Requirements

MFA is a requirement when utilizing services behind UCLA Logon SSO. Please note that additional MFA requirements are in place to comply with UCOP Cybersecurity Mandates. For additional information visit the UCLA Information Security Investment Plan & UCLA Requirements page

Getting Started

Device Compatibility 

Device Exceptions

  • If you are unable to install Duo Mobile App, you may use a Passkey generated by 1Password as an alternative authentication method. Please see the setup instructions for Windows and macOS devices.
  • If you are faculty or staff member who cannot install Duo Mobile app, you may request an exception for a YubiKey security token through the ServiceNow form.
  • If you are a student or Emerti and are unable to install the Duo Mobile app, you may purchase a YubiKey
  • After purchasing your YubiKey, please register your security token.
  • If you are an Alumni and are unable to install the Duo Mobile app, you may purchase a YubiKey
  • After purchasing your YubiKey, please send an email to the IT Support Center to have your security token registered.

For additional questions or assistance, please contact: