Skip to content


Making way for MFA

REDCap Data Protection

The data collected by projects using REDCap ranges from level 1-4 on the University of Toronto’s Data Classification table, found here: Since level 3 and 4 data is stored on the system, access to REDCap is protected by Multi-Factor Authentication.

What is Multi-factor Authentication?

Multi-Factor Authentication (MFA) is a security enhancement that requires two sets of unique credentials before granting users access to an account. E.g. your credentials (account and password) paired with a push sent to your mobile device.

MFA at the University of Toronto

The University of Toronto launched UTORMFA in summer 2020; and this service is provided by Duo Security. The UTORMFA is managed through a user’s mobile device, and is available to all REDCap users at the University of Toronto. Any REDCap users that are still using an eToken to sign into REDCap are encouraged to sign up for the UTORMFA. The University of Toronto is transitioning away from the use of eTokens as the supported form of security authentication. For more details, please see

Enrolling in the UTORMFA

In order to use UTORMFA, users will need to enroll from their mobile device by visiting will be guided to download the Duo mobile application relevant to your mobile device. If your smart phone is unavailable or you do not own one, the University of Toronto offers hardware tokens to generate passcodes for Duo. You will need to discuss this with your respective Information Technology Help desks.

Logging into REDCap

Logging into REDCap with the UTORMFA will require you to follow the steps in the image titled “Login Process”.  Navigate to and your process will be similar to the images below.

Note.  If you have an EToken, you will be given a choice to use your EToken or UTORMFA.

Login Process  


Desktop Interface:


Mobile Phone Interface