[MFA Modernization Pilot] MFA at UMS: What You Need to Know

⚠️ WARNING: This article is intended for participants in the MFA Modernization Pilot only. If you are not a pilot participant, the information in this article may not apply to you. Contact the IT Service Desk if you have questions about your current sign-in experience.

Multi-factor authentication (MFA) is required for all University of Maine System (UMS) users. This article explains what MFA is, why it matters, and what to expect.

Detailed Information

What is MFA?

Multi-factor authentication (MFA) adds an extra step when signing into UMS applications. You confirm your identity using an additional method, like a passkey, a phone notification, or a physical security key. This helps protect your account even if your password is compromised.

Who does this apply to?

All UMS users are required to enroll in MFA. It applies to all applications you sign in to with your UMS credentials through Microsoft Entra single sign-on (SSO).

What is changing?

  • MFA is mandatory. All users must enroll one or more approved authentication method. UMS IT highly recommends enrolling more than one MFA method.
  • SMS text, voice calls, and email one-time passwords are not allowed. These methods are not secure enough and will not be available for MFA.

What do I need to do?

  1. Enroll in an approved MFA method. Step-by-step enrollment guides are available in the IT knowledge base.
  2. Know your options. See MFA Authentication Methods for a full list of what is allowed and what is recommended.
  3. If you cannot use a smartphone, you may be eligible for a hardware security key (YubiKey). See Getting a Hardware Security Key (YubiKey) for details.

Passkeys are the preferred MFA method because they are phishing-resistant. If you can use a passkey, that is the recommended choice.

What should I expect day-to-day?

How often you are prompted for MFA depends on the device you are using:

  • On a UMS-managed computer (Windows or Mac): You will be prompted for MFA approximately once every 30 days. Day-to-day sign-ins will happen in the background without interruption.
  • On a personal device using a web browser: You will be prompted for MFA each time you open a new browser session, up to once every 24 hours.
  • On a personal device using apps (such as Microsoft Office and OneDrive): You will be prompted for MFA approximately once every 30 days.

For more detail, see MFA Sign-In Experience: What to Expect.

Environment

  • Microsoft Entra (formerly Azure Active Directory)
  • All UMS applications using Entra single sign-on
  • Windows, macOS, iOS, Android

 

Print Article