| Warning | ||
|---|---|---|
| ||
Policy mandates that 2FA is required whenever any person working from a remote location utilizes administrative credentials to access a server device that is used to store or process confidential or Category I university data. This includes cases where an initial login is performed with non-administrative credentials and privileges are elevated after a session is established (e.g. via sudo or su). This policy only covers users with administrative privileges. Users who do not have administrative credentials to a server device are not required to use 2FA to authenticate to that serverdevice. |
This page lists the acceptable 2FA options for remote access to university servers devices which store or process Category I data. Certain options may work better in specific environments than others - consult your local IT support staff for any implementation questions or issues. If you need to use a 2FA option not on this list, please contact us at security@utexas.edu.
...
Note: Users MUST utilize 2FA for servers devices they have administrative access to, even when authenticating to the server using non-administrative credentials, if the ability exists for users to elevate permissions to an administrative level after authenticating as a lower-privileged user. If no ability to escalate permissions exists, then only logins using administrative credentials need be secured with 2FA, unless such differentiation is not possible.
...