Overview
UW Information Technology provides a Token Authentication Service for access to more sensitive UW applications.
Purpose
This higher-assurance authentication service provides authentication using Duo Security. It creates a "two-factor" authentication solution: where "something you know" – a password or PIN – is combined with "something you have" – a device that generates a code or notification that must be acknowledged. A two-factor authentication system provides better security than a single-factor system (such as regular UW NetID + password authentication) because an attacker must obtain both the user's password and their device to impersonate them.
Token authentication is used for applications that require a higher level of authentication security, including many administrative applications and functions.
Getting Started
Token authentication is integrated with the following UW-IT services and platforms:
- UW Identity Provider (IdP)
- Supports SAML 2.0 and the REFEDS MFA Profile
- Web-based applications that use Shibboleth for SSO can require 2FA sessions
- Web-based applications that use SAML 2.0 for SSO
- Can request 2FA using the REFEDS MFA Profile
- Alternatively, by request, the UW IdP can enforce 2FA
- UW-IT Standard Managed Servers (Linux)
- UW Home Page Servers
- UW Shared Web Hosting
- Keynes (Administrative Mainframe)
End users interact with these resources:
Departmental systems and applications
It is possible to integrate token authentication with some departmental systems and applications.
External Links
Support
Contact help@uw.edu if you have questions about the Token Authentication Service.