This page includes topics related to eligibility for two-factor authentication (2FA).
Who is eligible for 2FA?
All employees and students are eligible to use 2FA with their personal UW NetID, as well as others on a case-by-case basis.
- Employee eligibility includes:
- current faculty, staff, and student employees
- current contingent workers (affiliate employees)
- current retirees
- employees who have recently terminated employment
- Student eligibility is based on enrollment status and includes undergraduate, graduate, and Professional & Continuing Education students.
- Research collaborators
- Research collaborators are authorized for 2FA on a case-by-case basis. Note that research collaborators using Hyak are authorized to use 2FA once they’re authorized to use Hyak.
- Alumni and donors
- Alumni and donors are authorized for 2FA on a case-by-case basis.
- Other affiliates and associates are authorized for 2FA on a case-by-case basis.
Are contractors eligible to use 2FA?
Yes, contractors (more generally, contractors, consultants, and vendors) hired in Workday as contingent workers are automatically eligible for 2FA. To learn more about hiring contingent workers, refer to the ISC’s user guide for the Contract Contingent Worker process. If your contractors aren’t hired as contingent workers, they may be authorized for 2FA eligibility on a case-by-case basis.
How do I request 2FA eligibility on a case-by-case basis?
Email email@example.com to request eligibility for research collaborators, alumni and donors, and other affiliates and associates. Note in your email why you are not able to gain an already eligible affiliation. For contractors not in Workday, please include the reason your organization or team cannot hire the person as a contingent worker in Workday.
Additionally if you only require 2FA for one service, please work with that service to ensure they want to require all users have 2FA. Services can often find a portion of their users are ineligible for 2FA and make adjustments.
When does the ability to use 2FA expire?
Use of 2FA is based on eligibility (described above) and will expire based on changes to your affiliation(s) with the UW, or other case-by-case authorizations. To learn more, refer to Expiration of access to IT services.
Personal UW NetIDs are eligible for 2FA based on the affiliation(s) of the user, as well as any case-by-case authorizations they’ve been granted. Refer to the upper sections of this page for details.
Admin UW NetIDs are eligible for 2FA based on employee affiliation (per above). Admin UW NetIDs are only available for use by employees (and authorized exceptions). They are linked to an employee’s Personal UW NetID, such that they can use the same 2FA devices for both accounts. Therefore, 2FA eligibility is linked to employee eligibility for 2FA.
Shared UW NetIDs aren’t eligible for 2FA. Please contact us if you or your organization have use cases involving use of 2FA with Shared UW NetIDs.
Clinical Shared UW NetIDs aren’t eligible for 2FA. Please contact us if you or your organization have use cases involving use of 2FA with Clinical Shared UW NetIDs.
Other types of UW NetIDs including Temporary UW NetIDs, Application UW NetIDs, and Reserved UW NetIDs aren’t eligible for 2FA. Please contact us for case-by-case exceptions for Temporary UW NetIDs.