Multi Factor Authentication Policy
Policy Purpose
This policy defines the use of Multi Factor Authentication. Establishing and enforcing an MFA policy is required for the University in order to align with UA System security and auditing mandates.
Policy Statement
It shall be the policy of the University of Arkansas-Fort Smith to use MFA as a secondary form of authentication for accessing specific computer systems or applications that require MFA.
Applicability
This policy applies to all University employees and students. This policy also applies to all contracted employees, students, or any other user who has been granted access to University applications that require MFA.
Definitions
MFA – Multi Factor Authentication is considered a secondary form of authentication after inputting a username and password. Not all systems require MFA.
VPN – Virtual Private Network. This is an application that secures a private connection between an external computer and an internal computer network.
Policy Procedure
1. MFA will be required for Office 365 applications both on campus and off campus.
2. MFA will be required for WorkDay both on campus and off campus.
3. MFA will be required for remote access to the UAFS campus through the University VPN.
4. All applications set up with SSO will be required to use MFA.
5. Future applications listed will be required to use MFA on a case-by-case basis.
Enforcement
Enforcement is provided by the policies set up by IT that enforce MFA.
Policy Management
This policy is managed by the IT department. The IT Director and appointed IT personnel are the primary administrators of this policy. The responsible executive is the VCFA.
Exclusions
None Applicable
Effective and Approved Date
This internal policy was approved by Terry Meadows – Director of IT/CIO on 3/7/2023.
Last Updated
6/19/2025 – Added info about SSO applications under the Procedure section – Terry Meadows CIO