Conditional Access

Conditional access is Microsoft's tool for system authorization based on a combination of:

  1. user and device identity
  2. location signaling
  3. and if necessary, two-factor user verification.

On January, 10, 2022, ITS began to utilize Conditional Access to increase the level of security for our employee’s single-sign-on (SSO) to all Microsoft O365 software and some enterprise solutions (those using Microsoft SSO).

On July 19, 2022, Conditional Access will be added to our Virtual Private Network (VPN) services.

HOW DOES CONDITIONAL ACCESS WORK?

Simplified, conditional access procedures are if-then statements: if a UofL employee wants to access a resource, then a conditional action must then be completed on two of three fronts. The majority of conditional access requests are fulfilled by the first and second actions – a UofL employee with a recognized device working from campus or a previous known location (frequent access via IP address) – so there is no need for a third action.

However, on the occasion when the employee is traveling and attempts to log-in on their university laptop but from an unknown network or IP address, the second aspect is not possible. In this instance, the need for the conditional action must be taken by fulfilling the 3) user verification by means of two-factoring or acknowledging through UL2FCTR (Duo two-factor authentication).

video pause button
video pause button

Using UL2FCTR

User two-factor verification is already a known process for the majority of UofL Employees. For example: currently, if an employee wants to view their payroll check in ULink, they are required to perform UL2FTCR (Duo) to access PeopleSoftHR pages.

Limiting high-risk log-ins

The extra step of two-factor authentication for employees accessing university email or secure systems will only occur when users are off-campus, at a location unfamiliar to the system or on an unknown device. In of our testing, this occurred in only 1.5% of situations.

Update your UL2FCTR settings

Consider updating how UL2FCTR / Duo contacts you to fulfill the second factor of verifying your identity. ITS highly encourages the use of the Duo mobile application on a smartphone or SMS text message for the authentication process. See our ULservice page for more info.