Conditional Access

Conditional access is Microsoft's tool for system authorization based on a combination of:

  1. user and device identity
  2. location signaling
  3. and if necessary, two-factor user verification

UofL uses Conditional Access policies as determinants to apply the appropriate amount of contextual security to a login to all university systems or applications. Used since January of 2022, Conditional Access increases the level of security for all single-sign-on (SSO) instances and is based on a set of contextual clues — like if the user’s location and devices are considered as known, for each user’s login. Additional verification, such as the need for the user to UL2FCTR (Duo), can apply to uphold certain security standards can be required.

HOW DOES CONDITIONAL ACCESS WORK?

Simplified, conditional access procedures are if-then statements: if a UofL user wants to access a resource, then a conditional action must then be completed on two of three fronts. The majority of conditional access requests are fulfilled by the first and second actions – a UofL user with a recognized device working from campus or a previous known location (frequent access via IP address) – so there is no need for a third action.

However, on the occasion when the user is traveling and attempts to log-in on their university laptop but from an unknown network or IP address, the second aspect is not possible. In this instance, the need for the conditional action must be taken by fulfilling the 3) user verification by means of two-factoring or acknowledging through UL2FCTR (Duo two-factor authentication).

video pause button
video pause button

Using UL2FCTR

User two-factor verification is already a known process for the majority of UofL users. For example: currently, if an employee wants to view their payroll check in ULink, they are required to perform UL2FTCR (Duo) to access WorkdayHR pages.

Limiting high-risk log-ins

The extra step of two-factor authentication for users accessing university email or secure systems will only occur when users are off-campus, at a location unfamiliar to the system or on an unknown device. In of our testing, this occurred in only 1.5% of situations.

Update your UL2FCTR settings

Consider updating how UL2FCTR / Duo contacts you to fulfill the second factor of verifying your identity. ITS highly encourages the use of the Duo mobile application on a smartphone or SMS text message for the authentication process. See our Log in / Enroll Portal for more info.