Effective February 25, 2026, most U-M services have transitioned to Okta, replacing U-M Weblogin and Duo for multi-factor authentication (MFA). Services that do not use Weblogin will need to update their service to use Okta instead of Duo, although Duo will continue to work for these services after February 25, 2026. See Guidance on Migrating Non-Weblogin systems to Okta for MFA for more information.
What is Multi-Factor Authentication (MFA)?
Multi-factor Authentication (MFA) involves combining more than one authentication type and provides a stronger assurance of the person’s identity. At U-M, that means your UMICH password plus Okta. You can choose from multiple MFA options. An attacker who gets your password won't be able to log in as you without your Okta MFA option.
Who Needs MFA?
- MFA is required:
- For employees, students, and sponsored affiliates on all U-M campuses when logging in with their U-M account. This includes retired faculty who have emeritus appointments (paid or unpaid).
- New retirees and alumni going forward are required to use MFA.
- MFA is optional:
- For sponsored affiliates who have temporary uniqnames.
- For retirees and alumni with legacy UMICH accounts who have not yet opted in to using MFA with their UMICH account. Now that students and employees are required to use MFA, new retirees and alumni going forward are required to use MFA.
- For some U-M system accounts where MFA is optional or not available.