This page includes topics related to eligibility for two-factor authentication (2FA).
Who is eligible for 2FA?
All employees and students are eligible to use 2FA with their personal UW NetID, as well as others on a case-by-case basis.
- Employee eligibility includes:
- current faculty, staff, and student employees
- current contingent workers (affiliate employees)
- current retirees
- employees who have recently terminated employment
- UW Medicine
- UW Medicine eligibility includes:
- current UW Medicine Affiliates
- current UW Medicine Workforce personnel
- Research collaborators
- Research collaborators are authorized for 2FA on a case-by-case basis. Note that research collaborators using Hyak are authorized to use 2FA once they’re authorized to use Hyak.
- Alumni and donors
- Alumni and donors are authorized for 2FA on a case-by-case basis.
- Other affiliates and associates are authorized for 2FA on a case-by-case basis.
Are contractors eligible to use 2FA?
Yes, contractors (more generally, contractors, consultants, and vendors) hired in Workday as contingent workers are automatically eligible for 2FA. To learn more about hiring contingent workers, refer to the ISC’s user guides for the Contract Contingent Worker process, Contingent Worker criteria, and Contingent Worker journey map. If your contractors aren’t hired as contingent workers, they may be authorized for 2FA eligibility on a case-by-case basis.
How do I request 2FA eligibility on a case-by-case basis?
Email firstname.lastname@example.org to request eligibility for research collaborators, alumni and donors, and other affiliates and associates. Note in your email why you are not able to gain an already eligible affiliation. For contractors not in Workday, please include the reason your organization or team cannot hire the person as a contingent worker in Workday.
For groups of contractors who need to be eligible please email email@example.com and include an existing GWS Group with the appropriate membership. Note in your email why they are not able to gain an already eligible affiliation, and what practices will be put in place to ensure the group membership stays up to date.
Additionally if you only require 2FA for one service, please work with that service to ensure they want to require all users have 2FA. Services can often find a portion of their users are ineligible for 2FA and make adjustments.
When does the ability to use 2FA expire?
Use of 2FA is based on eligibility (described above) and will expire based on changes to your affiliation(s) with the UW, or other case-by-case authorizations. To learn more, refer to Expiration of access to IT services.
Personal UW NetIDs are eligible for 2FA based on the affiliation(s) of the user, as well as any case-by-case authorizations they’ve been granted. Refer to the upper sections of this page for details.
Admin UW NetIDs are eligible for 2FA based on employee affiliation (per above). Admin UW NetIDs are only available for use by employees (and authorized exceptions). They are linked to an employee’s Personal UW NetID, such that they can use the same 2FA devices for both accounts. Therefore, 2FA eligibility is linked to employee eligibility for 2FA.
Shared UW NetIDs aren’t eligible for 2FA. Please contact us if you or your organization have use cases involving use of 2FA with Shared UW NetIDs.
Clinical Shared UW NetIDs aren’t eligible for 2FA. Please contact us if you or your organization have use cases involving use of 2FA with Clinical Shared UW NetIDs.
Other types of UW NetIDs including Temporary UW NetIDs, Application UW NetIDs, and Reserved UW NetIDs aren’t eligible for 2FA. Please contact us for case-by-case exceptions for Temporary UW NetIDs.