Augsburg University Multi-factor Authentication (MFA) Policy

I. Overview/Purpose

NIST password guidelines recommend augmenting passwords with MFA to enhance security.

II. Scope

This policy applies to any cloud web application used by the University that houses confidential or regulated data, as defined in the Data Classification Policy, as well as the campus single-sign-on identity provider.

III. Definitions

Cloud web application - a web-based application that resides off-campus.

Identity Provider - a system that authenticates users’ identities and authorizes their access to various applications and services by managing and verifying digital credentials

IV. Policy Details

Any cloud web application used by the University that houses confidential or regulated data, as defined in the Data Classification Policy, will have MFA enabled if it is technically feasible.

Any cloud web application that is authenticated through the campus identity provider will require MFA.

V. Exceptions

Decisions on exceptions will be made by the CIO or designate.

Revision History