This document provides instructions for managing two-factor authentication using Duo for non-uniqname accounts in Active Directory (UMROOT).
The UMROOT domain of Active Directory (AD) contains many non-person accounts, defined as administrator accounts (such as domain or organizational unit administrators), accounts used by vendors, service accounts, and so on. These accounts cannot be accessed through UMICH Account Management, because they do not have a Kerberos principal, nor do they exist in the People organizational unit of the MCommunity Directory.
Enroll a non-uniqname account in Duo
Note: To complete all of the steps below, you must be on a campus network or connected to the UMVPN.
- Go to University Account Management (UAM) and log in with your uniqname and UMICH (Level-1) password.
- Click the Linked Accounts menu item.
Note: If you do not see the Linked Accounts menu item and need to enroll a non-uniqname account in Duo, self-join the Michigan-IT-Slack MCommunity group.
- Click Link New Account.
- Enter the non-uniqname Account, Password, and Purpose of Account, and then click Link Account.
- Complete the Duo enrollment process. When enrollment is complete, the Duo Device Management page is displayed.
Manage your Duo devices for non-uniqname accounts
- Go to University Account Management (UAM) and log in with your uniqname and UMICH (Level-1) password.
- Click the Linked Accounts menu item.
Note: If you do not see the Linked Accounts menu item and need to enroll a non-uniqname account in Duo, self-join the Michigan-IT-Slack MCommunity group.
- Click Manage Duo Devices.
- Log in again with your uniqname and UMICH (Level-1) password.
- Under Manage Duo - Select Account to Impersonate, select the appropriate account from the drop-down and then click Impersonate.
- Complete the Duo authentication prompt.
- Use the Duo Device Management page to manage enrolled devices.