Skip to end of metadata
Go to start of metadata


UW Information Technology provides a Token Authentication Service for access to more sensitive UW applications.


This higher-assurance authentication service provides authentication using Duo Security. It creates a "two-factor" authentication solution: where "something you know" – a password or PIN – is combined with "something you have" – a device that generates a code or notification that must be acknowledged. A two-factor authentication system provides better security than a single-factor system (such as regular UW NetID + password authentication) because an attacker must obtain both the user's password and their device to impersonate them.

Token authentication is used for applications that require a higher level of authentication security, including many administrative applications and functions.

Getting Started

UW-IT services and platforms

Token authentication is integrated with the following UW-IT services and platforms:

  • UW Identity Provider (IdP)
    • Supports SAML 2.0 and the REFEDS MFA Profile
      • Web-based applications that use Shibboleth for SSO can require 2FA sessions
      • Web-based applications that use SAML 2.0 for SSO
        • Can request 2FA using the REFEDS MFA Profile
        • Alternatively, by request, the UW IdP can enforce 2FA
  • UW-IT Standard Managed Servers (Linux)
  • UW Home Page Servers
  • UW Shared Web Hosting
  • Keynes (Administrative Mainframe)

End users interact with these resources:

Departmental systems and applications

It is possible to integrate token authentication with some departmental systems and applications.

External Links


Contact if you have questions about the Token Authentication Service.

  • No labels