An MToken is a small device that can fit on a key ring that displays a new six-digit tokencode once every minute. MTokens serve as the second factor in two-factor authentication. Two-factor authentication is comprised of something you know (your UMICH password) and something you have (your MToken).
A tokencode is the
If you have access to a system that requires two-factor authentication, you can obtain an MToken at an MToken Distribution Center. You need to provide your MCard to obtain your MToken.
View the MToken Help Desk and Distribution Center Web page for locations and hours of operation.
No, you cannot use anyone else's MToken. Your MToken is assigned to you and will work only with your uniqname and UMICH password (called Level-1 password at the U-M Health System).
You can activate your MToken online by following these steps.
Important: Do not initiate the activation process until you have an MToken.
An MToken must be used when logging in to a system that requires two-factor authentication. You must enter the tokencode displayed on your MToken each time you log in to any of these systems.
Faculty, lecturers, and graduate student instructors who have active appointments, as well as M-Reports users in select job families, are not required to use an MToken. They must check the I don't have an MToken checkbox each time they log in.
Exception: Faculty and instructional staff who previously received an MToken are required to enter a tokencode each time they log into any Two-Factor Authentication-enabled system. To remove the M-Token requirement for faculty in this situation, submit a request to the ITS Service Center.
All other U-M Web-based systems (for example, Student Business, Employee Self Service) currently require that you log in only with your uniqname and UMICH password. Individual units can choose to implement Two-Factor Authentication on their internal networks and systems.
Instructional staff with access to Faculty Business in Wolverine Access must check the I don’t have an MToken checkbox each time they log in to Faculty Business. The checkbox is used only by instructional staff that are exempt from MToken restrictions when accessing two-factor-require systems.
If you previously set up Emergency Q&A Authentication, you will be able to acquire a Temporary Static Tokencode (TST) on the web. If you have not set up Emergency Q&A Authentication, please contact the ITS Service Center during business hours in order to obtain a TST. For instructions please see Emergency Access If You Forget Your MToken.
Exception: Temporary tokencodes cannot be used to access the MiChart Electronic Prescribing for Controlled Substances (EPCS) system used at the U-M Health System (UMHS). EPCS users can contact the Medical Center Information Technology (MCIT) Help Desk at (734) 936-8000 for assistance.
If you have lost your MToken, you will need to take certain steps to ensure the security of sensitive institutional data. Please see If You Lose Your MToken for more details. Your lost, broken, or expired MToken can be replaced at any MToken Distribution Center.
Yes, with very few exceptions. MTokens may not be transported or sent to embargoed nations identified by the federal government, pursuant to federal export control regulations.
The following list will help you identify the problem:
If your job role changes or if your department has MTokens from staff who are no longer at the university, the MTokens should be returned. There are several ways to return MTokens that are no longer in use. Please see Returning your MToken for more.