Effective February 25, 2026, Okta will replace both the current U-M Weblogin sign-in page and Duo for multi-factor authentication.
The new look and feel of the single sign-in experience provided by Okta will be different from the previous experience through Weblogin and Duo. Visit Signing in with Okta to see a side-by-side comparison of the Weblogin vs. Okta single sign-in screens.
Check the URL
When you log in on the web using the U-M single sign-in page, always check the URL before you enter your password. Many people at U-M receive phishing emails with links to fake U-M single sign-in pages. The fake pages look exactly like the real pages. When people log in to the fake page, their password is stolen, and their U-M account is compromised. The only clue that the page is fraudulent is the URL. Criminals may use pieces of that URL, but not the exact thing.
You can verify you are on the valid U-M single sign-in page by checking that the URL in the address bar of your browser begins with: okta.umich.edu/.
What If You Logged in to a Fake Single Sign-In Page?
These clues might lead you to think you accidentally logged in to a fraudulent page:
- After you log in, you see a login page again instead of being taken to the page or service you were expecting.
- After you log in, you see a document or page that is not what you were expecting.
If you think you may have been caught by this scam, do the following to minimize potential damage to your personal information and U-M account:
- Change your UMICH password immediately.
- Michigan Medicine users, change your UMICH password at lvl2.med.umich.edu.
- Report it as an IT security incident so ITS staff can check your account for signs of compromise.