Making way for MFA

REDCap Data Protection

The data collected by projects using REDCap ranges from level 1-4 on the University of Toronto’s Data Classification table, found here: https://isea.utoronto.ca/policies-procedures/standards/data-classification/. Since level 3 and 4 data is stored on the system, access to REDCap is protected by Multi-Factor Authentication.

What is Multi-factor Authentication?

Multi-Factor Authentication (MFA) is a security enhancement that requires two sets of unique credentials before granting users access to an account. E.g. your credentials (account and password) paired with a push sent to your mobile device.

MFA at the University of Toronto

Current users of REDCap make use of ETokens. As users know, this requires a hardware token (USB key). The University of Toronto launched UTORMFA in summer 2020; this service is provided by Duo Security. UTORMFA can be managed through a mobile device For more details, please see https://isea.utoronto.ca/services/utormfa/. UTORMFA will be available to current users of REDCap, and to new users.

Enrolling to use UTORMFA

In order to use UTORMFA, users will need to enroll. If you have not already done so, you can enroll from your mobile device by visiting https://enroll.utormfa.utoronto.ca/enroll.You will be guided to download the Duo App relevant for your mobile device during enrollment. If your smart phone is unavailable or you do not own one, the University of Toronto offers hardware tokens to generate passcodes for Duo. You will need to discuss this with your respective Help desks.

Logging into REDCap

Logging into REDCap with UTORMFA will be the same as logging in to any other application behind Weblogin.  Navigate to www.redcap.utoronto.ca and your process will be similar to below.

Note.  If you have an EToken, you will be given a choice to use your EToken or UTORMFA.

Desktop Interface:

Mobile Phone Interface