Identity and access management

Every faculty, staff and student is assigned a unique UWaterloo userid which identifies them. Each userid has a password associated with it that the account owner creates and maintains. The userid and password combination is used to grant access to resources (e.g. LEARN, Quest, HR).

WatIAM – Waterloo Identity and Access Management system

Manage your identity and account settings on the WatIAM website:

  • Change your password
  • Claim a friendly email address (firstname.lastname@uwaterloo.ca)
  • Set or update your non-UW email address that can be used to send a password reset link if needed
  • Set your preferred or chosen name (e.g. "Peggy" vs "Margaret")

Two-factor authentication
  • What is it? When your credentials are used to log in, you must verify the login using another device (typically a mobile phone or tablet).
  • Why you need it? Many UWaterloo services require two-factor authentication before access is provided. These services include: Office 365, LEARN, Quest, Workday and the campus virtual private network (VPN) 
  • How do you get it? We use Duo Mobile. For more information on how to set this up, see Two Factor Authentication (scroll down to the yellow "Get started now" button).

Protecting your account: About those passwords....
  • Never share it. Your userid and password combination is of value. Anyone who has it can send email on your behalf access your HR and academic records, coursework, etc. Treat your password like your credit/debit card PIN.
  • IT staff will never ask for your password over the phone, in person or by email.
  • When you change your password, make sure you change it on your mobile devices too (or the repeated attempts with the old password may lock out your account).
  • For more tips, refer to our help page Tips on password changing after a compromise

Protecting your account: Fraudulent emails (phishing)
  • If an email claims to be related to a software, account or system upgrade, verify it with Health Computing.
  • Legitimate email will not have a threatening tone and you will be given ample time to respond (e.g. we don’t suspend accounts on 24 hours notice)
  • Look at the link before you click on it. If it is not obviously going to a UWaterloo website, then be very suspicious:
    • Hover your mouse over the link to see where it is going
    • On a mobile device, press and hold on the link (‘long press’) to see where the link is going
  • If you know the person who sent you the email but are uncertain, pick up the phone and call the person to verify that it is legitimate