Charge
The Identity Management (IDM) team is charged with the implementation of Two-Factor Authentication (2FA) on all UC Merced accounts and achieving 100% cybersecurity training for all UC Merced staff, faculty, and student employees. These two efforts will secure aged UC Merced alumni accounts and less-secure service accounts, and will also keep personal accounts safer as this effort establishes best practices that can be enabled on any account.
Mandate Requirement
Ensure 100% cybersecurity training compliance for all UC Merced staff, student staff, and faculty.
Deploy, enable, and configure multi-factor authentication (better known as Duo 2FA at UCM) on 100% of campus email accounts with established UC 2FA configuration standards.
Methods of Achievement
SSO Interrupt
What's Happened
As of January 1st, the UC Merced Single Sign-On (SSO) system has been updated to include an interrupt for those with an upcoming cybersecurity training due date. The interrupt is designed to remind those with assigned training of their upcoming due date as they log in. Once they pass their due date and become overdue, they will no longer be able to log in to their account except to get into the UC Learning Center to complete their training. Once their training is complete, the account lock will lift, and they will be able to log in without issue.
OIT began messaging about the launch of the Interrupt and reminding individuals of training in November of 2024. From our initial reminder notifications to our official go-live date, our campus overdue training count was cut in half. Since go-live, that number has continued to drop significantly and UC Merced now has a cybersecurity training completion rate of 99%.
The team is working to identify the remaining 1% of staff, faculty, and student employees who have yet to complete their training in order to reach 100% compliance by our May 28th deadline.
Supporting Resources
Alumni Account 2FA Implementation
What's Happened
As of March 3rd, the MercedID website has been updated for alumni who graduated before the implementation of Duo 2FA on campus (2018). Under the security check-up section of the site, alumni can self-enable Duo 2FA on their accounts and enroll a device into Duo. This is in preparation for Duo 2FA becoming mandatory in May 2025.
Supporting Resources
Service Account 2FA Implementation
What's Happened
As of March 3rd, the MercedID website has been updated for service accounts. Under the sponsored accounts section of the site, sponsors can self-enable Duo 2FA on their accounts and enroll a device into Duo.
While push notifications are convenient for personal accounts, service accounts are often shared and accessed by multiple people. Given the way Duo push notifications work, this can often lead to confusion with multiple account users getting push notifications without knowing where they are coming from. To help avoid this, we have configured service accounts to be accessed by entering the 6-digit code provided by the Duo app.