Charge
The Identity Management (IDM) team is charged with the implimentation of Two-Factor Authentication (2FA) on all UC Merced accounts and achieving 100% cybersecurity training for all staff, faculty, and student employees. These two efforts will help keep not only UC Merced accounts (by securing aged alumni accounts and less secure service accounts), but personal accounts safer as it establishes best practices that can be enabled on any account.
Mandate Requirement
Ensure 100% cybersecurity training compliance for all staff, student staff, and faculty.
Deploy, enable, and configure multi-factor authentication (better known as 2FA and Duo at UCM) on 100% of campus email accounts with established UC 2FA configuration standards.
Methods of Achievement
SSO Interrupt - Updated 1/06/2025
What's Happened
As of January 1st, the UC Merced Single-Sign On (SSO) system has been updated to include an interrupt for those with an upcoming cybersecurity training due date. The interrupt is designed to remind those with assigned training of their upcoming due date as they log-in. Once they pass their due date and become overdue they will no longer be able to login to their account except to get into the UC Learning Center to complete their training. Once their training is complete the account lock will lift, and they will be able to login without issue.
OIT began messaging about the launch of the Interrupt and reminding individuals of training in November of 2024. From our initial reminds to go live our overdue count was cut in half. Since go live that number again has dropped significantly and UC Merced has a cybersecurity training completion rate of 99%.
The team is working to identify the remaining 1% of staff, faculty, and student employees who have yet to complete their training in order to reach 100% compliance by our May 28th deadline.
Supporting Resources
Alumni Account 2FA Implementation - Updated 3/3/2025
What's Happened
As of March 3rd, the MercedID website has been updated for our alumni who have graduated before the implementation of Duo 2FA on campus. Under the security check-up section of the site alumni can self enabled Duo 2FA on their accounts and enroll a device into Duo.
the UC Merced Single-Sign On (SSO) system has been updated to include an interrupt for those with an upcoming cybersecurity training due date. The interrupt is designed to remind those with assigned training of their upcoming due date as they log-in. Once they pass their due date and become overdue they will no longer be able to login to their account except to get into the UC Learning Center to complete their training. Once their training is complete the account lock will lift, and they will be able to login without issue.
OIT began messaging about the launch of the Interrupt and reminding individuals of training in November of 2024. From our initial reminds to go live our overdue count was cut in half. Since go live that number again has dropped significantly and UC Merced has a cybersecurity training completion rate of 99%.
The team is working to identify the remaining 1% of staff, faculty, and student employees who have yet to complete their training in order to reach 100% compliance by our May 28th deadline.
