Overview
Pitt and UPMC both utilize a single sign-on service that simplifies the process of accessing online resources. Both also use multifactor authentication to add an extra layer of security to your account. This page defines each organization's services and explains how to navigate more seamlessly between them.
Detail
Multifactor Authentication
Multifactor authentication adds another layer of security to your Pitt and UPMC accounts by requiring two “factors” to verify your identity when you log in to a service: something you know (such as your password) and something only you have (such as your mobile phone, on which you will receive a log-in confirmation notice).
MFA Solutions
Pitt: The University of Pittsburgh uses Duo Security for multifactor authentication.
UPMC: UPMC uses Microsoft Authenticator for multifactor authentication.
How to Install MFA apps on a Smartphone
Pitt: You can install the Duo Mobile App for your phone from the Pitt App Center, Google Play (Android devices), the App Store (iOS devices), or the Microsoft Store (Windows devices).
UPMC: If you are connected to the UPMC network, you can click https://aka.ms.mfasetup to install the Microsoft Authenticator app. If you are not connected to the UPMC network, call the UPMC Help Desk at 412-647-HELP (4357) for assistance with set up. View detailed instructions ...
How To Enroll in MFA
Pitt: To register a device to use with Duo, follow the step-by-step instructions in the “Register a Device” section of Pitt IT’s Multifactor Authentication webpage.
UPMC: To set up a device to use with Microsoft Authenticator, follow the step-by-step instructions in UPMC's “How to Set Up the Microsoft Authenticator Application” document. Additional information is available on Microsoft’s website.
Using Duo and Microsoft Authenticator on the Same Device
If you have a dual affiliation with Pitt and UPMC, you can use the same device to authenticate through Duo and Microsoft Authenticator. Simply install both Duo and Microsoft Authenticator on your device, then authenticate using the appropriate app for each organization.
Hardware Tokens
Although utilizing an app on your device is the preferred method of multifactor authentication at both Pitt and UPMC, hardware tokens are available as another option, if needed
Pitt: Pitt IT encourages individuals to use the Duo Mobile app for the best multifactor authentication experience. However, if you do not have a device that can be used with the Duo app, you may contact Pitt’s Technology Help Desk at 412-624-HELP (4357) to request a hardware token.
UPMC: A YubiKey is a hardware token that can be used in lieu of the Microsoft Authenticator app. In general, YubiKeys are made available for UPMC staff members who work in restricted areas where they are unable to use a personal device, such as a smart phone. YubiKeys can also be requested by individuals who do not want to use their personal device for multifactor authentication.
Single Sign-On Solutions
Single sign-on (SSO) is a service that simplifies the process of accessing online resources. Logging in once with SSO grants you access to a wide range of IT services without needing to log in each time you access a new service.
Pitt Passport (Pitt)
Pitt Passport is the single sign-on service used for most of the University of Pittsburgh’s IT services.
HSConnect (iTarget)
HSConnect is the single sign-on service used to access some IT services used by the University's Senior Vice Chancellor of Health Sciences and the School of Medicine. HSConnect is supported by the iTarget team.
Office 365 Azure AD (UPMC)
Office 365 Azure Active Directory (AD) is the single sign-on service used for most UPMC IT services.
Seamless Sign-In Between Pitt and UPMC Resources
Browser Issues
When you log in using single sign-on, an SSO token is associated with your device. As long as that SSO token remains active on your device, you may continue to access services without entering your username and password again.
If you have a dual affiliation and use both Pitt and UPMC’s single sign-on services to access online resources in the same 24-hour period, you may encounter issues caused by your web browser retaining a Pitt SSO token when you try to log in to UPMC services (or vice versa).
Workaround
The best way to avoid issues caused by SSO tokens is to create two separate browser profiles: one that you use when logging in to Pitt services, and another that you use when logging in to UPMC services. The instructions below explain how to create profiles on different web browsers.
- Chrome
- Firefox
- Edge
- Safari: Safari doesn’t offer the option to create individual browser profiles. However, if you use Safari on a Mac, you can set up different user profiles and use those different profiles for work and personal browsing. If you’re not using Safari on a Mac, you can’t separate your work and personal browsing unless you choose one of the other browser options above.
Instead of creating separate browser profiles, you also have the option to use one brand of browser for Pitt services and another brand of browser for UPMC services. Keep in mind, however, that same individual IT services and apps may have specific browser requirements that make this separation difficult.
[Add related information]