Traditionally, logging in (known as "authenticating") required only a username and password (one step). Two-step verification provides additional security by requiring a second step--something that you have, such as a phone--in order to log in.
- Two-step verification is required of all ITS systems administrators as well as ConnectCarolina users who access University-owned sensitive information.
- In addition, two-step verification is required to access financial information (e.g. W-2 forms) of current and former employees.
The two-step verification application used at UNC Chapel Hill is DuoSecurity.
Current users include faculty, staff, and affiliates including guest IDs for former employees.
Users register for the service via the Onyen management page https://itsapps.unc.edu/improv/.
- To register for the service via the Onyen Management page, users will need to know their Onyen, Onyen password, date of birth, and last four digits of their SSN. This information is used to validate the individual’s affiliation with the University. None of this data is passed outside of the Onyen management system.
System administrators seeking to add two-step verification to a service should contact the Service Desk.
To register, users will need access to a computer and one of the following:
- personally owned smartphone or cell phone
- tablets (e.g. iPad)
- hardware token (e.g. Yubikey)
After registering, a computer is not required.
Technical Support Contact Information
Technical support for two-step verification is provided by contacting the ITS Service Desk by any of the following methods:
- Phone (919) 962-HELP (4357)
- Chat: https://help.unc.edu/chat
- Online Help Request: http://help.unc.edu/help/olhr/
- Twitter: @unchelpdesk
- Facebook: unchelpdesk
- YouTube: unchelpdesk
- Instagram: unchelpdesk
SLA Response Times
- Critical* tickets will be acknowledged within 15 minutes after receipt.
- Important** tickets will be acknowledged within 8 business hours after receipt.
- General*** tickets will be acknowledged within 3 business days after receipt.
* Critical ticket: ISO considers a ticket critical when there is a work stoppage (e.g. outage) impacting: (1) a University business or business service; or (2) an employee responsible for completing mission critical work.
** Important ticket: A request for support in the normal course of University business.
*** General ticket: A request for information regarding configuration or performance (e.g. troubleshooting, request for logs, etc).
Currently we have one set of CTI values in Remedy for two-step verification which represent any request for assistance.
Service Metrics / Service Goal metrics
The Information Security Office strives to achieve SLA standards at least 95% of the time for all Remedy tickets with the CTI values mentioned above.
The Duo Administrative Portal is a cloud-based service. Maintenance schedules for this product are outlined under "Automated Updates" at the following link: https://duo.com/why-duo/security-and-reliability.
Outages for this product are documented at http://status.its.unc.edu.
Hours Of Operation
The Information Security Office business hours are 8:00 AM to 5:00 PM on days that the University operates. 24/7 on-call support is available for critical tickets.
Customers must be prepared to register for an account using personal information; customers should be aware of the differences between the various methods for providing verification via the 2nd step.
Note: The self-registration portal is available at https://itsapps.unc.edu/improv/.
Out of Scope
Any requests to implement two-step verification outside of approved project plans.