Security

How do I gain access to LionPATH?

  • Faculty and staff who cannot log into LionPATH:
    • Verify with your supervisor what types of data you need access to, and then contact your ASR to request access.
  • ASRs:
    • Complete the access request form, including all necessary signatures, and submit it to LionPATH Security. The form includes instructions on how to fill it out and where to submit it. Only properly completed forms will be accepted and processed. The current form can be found here.

Why do I have to log in with Duo twice for LionPATH?

LionPATH does not enforce Duo twice. We enforce it once, when a user attempts to access a module or function that is protected. Duo is enforced for some users in WebAccess. This protects WebAccess authentication, which is used by hundreds of web sites around the University.

We needed to implement 2FA before the WebAccess 2FA support was ready, which is why we implemented it separately. We then realized that WebAccess sessions last for a very long time (as long as you don’t close your browser), while LionPATH sessions must expire after a short period of inactivity. So we needed to be able to assert 2FA independently of the WebAccess implementation.

Flexibility in what we protect, support for much shorter timeout windows, and integration of 2FA with PeopleSoft security roles and permissions are the main reasons we implemented Duo separately. We’re simply applying a higher security standard in LionPATH than the general WebAccess service can or should. We realize this means some people will see the Duo prompt twice in a row, but it protects us from situations where a user might authenticate to UCS or some other service, leave their system and not realize their session is still active.

This model also keeps us isolated from any changes that might occur to WebAccess in the future.
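
The session model described in this answer, as an added sketch that is not LionPATH or WebAccess code: a long-lived sign-on session sits beside an application session that carries its own idle clock and its own 2FA assertion, checked only for protected modules. The timeout value, module names, user id and function names are assumptions, and the Duo challenge is represented by a boolean.

```python
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 20 * 60  # assumed application idle limit in seconds (not from the page)
PROTECTED = {"student_records", "financial_aid"}  # hypothetical protected modules

@dataclass
class SsoSession:
    """Long-lived sign-on session: stays valid until the browser is closed."""
    user: str
    browser_open: bool = True

@dataclass
class AppSession:
    """Application session with its own idle clock and its own 2FA assertion."""
    user: str
    last_activity: float
    mfa_at: Optional[float] = None  # time the second factor was asserted, if any

def authorize(sso, app, module, now, second_factor_ok=False):
    """Return (decision, app_session): 'allow', 'login' or 'mfa_required'."""
    if not sso.browser_open:
        return "login", None
    # Idle expiry discards the application session together with its 2FA assertion,
    # regardless of how long the sign-on session has been alive.
    if app is None or now - app.last_activity > IDLE_TIMEOUT:
        app = AppSession(sso.user, last_activity=now)
    # 2FA is asserted once per application session, only when a protected module is hit.
    if module in PROTECTED and app.mfa_at is None:
        if not second_factor_ok:
            return "mfa_required", app
        app.mfa_at = now
    app.last_activity = now
    return "allow", app

def walk_through():
    """Constructed timeline: sign in, work, walk away past the idle limit, come back."""
    sso, app, steps = SsoSession("abc123"), None, []  # constructed user id
    timeline = [
        ("class_search", 0, False),       # unprotected module: no second factor
        ("student_records", 60, False),   # protected module: challenge issued
        ("student_records", 90, True),    # challenge passed
        ("student_records", 600, False),  # still inside the idle window
        ("student_records", 600 + IDLE_TIMEOUT + 1, False),  # idle too long
    ]
    for module, now, factor in timeline:
        decision, app = authorize(sso, app, module, now, factor)
        steps.append(decision)
    return steps
```

The last step returns `mfa_required` even though the sign-on session never ended, which is the unattended-workstation case the answer describes.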