Security Awareness Training (SAT) Platform
The University of Toronto uses the Security Awareness and Training (SAT) platform to deliver cyber security training, run monthly phishing simulations, and track each user's risk score. The platform is provided to U of T by ORION and CIRA (the Canadian Internet Registration Authority).
All onboarded Chemistry staff, faculty and librarians have access. This page tells you how to sign in, what to expect, and how to get help.
How to sign in
- Go to
https://uoft.cyberaware.d-zone.ca/sso. - You will be redirected to U of T Weblogin. Sign in with your UTORid and password.
- Complete the UTORMFA prompt if challenged.
Bookmark the /sso URL above. It uses U of T single sign-on, so there is no separate password to remember.
What you will see
After signing in, your personal dashboard shows:
- Your current risk score and what is influencing it.
- Required and optional training modules. Each module takes about 5 to 10 minutes.
- A history of completed courses, quizzes and phishing simulations.
Initial onboarding is five modules and takes about an hour in total. Quarterly refresh modules add up to roughly two hours of training across the year.
Finding and printing your completion certificate
Once you finish the onboarding modules, the SAT platform issues a UofT Onboarding Completion Certificate. To view, save, or print it, follow these five steps:
- Sign in to
https://uoft.cyberaware.d-zone.ca/sso. - Click the Education tab at the top of the page.
- Scroll to the My Certificates card on the right side of the Education page.
- Click the certificate name (UofT Onboarding Completion Certificate). The certificate opens in your browser.
- Press Ctrl+P (Windows) or Cmd+P (Mac) to print, or choose Save as PDF in the print dialog to keep a digital copy.
Reporting phishing
If you receive a suspicious email (real or simulated), use the U of T Report Phishing button in Outlook. The button submits the message to Central ITS and also records the report in CIRA, which is what improves your SAT risk score.
Supported clients for the Report Phishing button
- Outlook 2013 and above (Windows desktop, Mac desktop, or browser)
- Microsoft 365 / Office 365 Outlook on the web
- Outlook app for iOS
- Outlook app for Android
If the button is not available
If you are in a shared mailbox, an unsupported email client, or webmail without the button, forward the suspicious message as an attachment to report.phishing@utoronto.ca. This still counts as a report and is recorded against your SAT account.
Your risk score
The risk score is a numerical value from roughly 500 up to several thousand. Lower is better. The score is shaped by four factors:
- Awareness: training completion and quiz performance.
- Exposures: known third-party breaches your email address has appeared in.
- Incidents: clicking, replying to, or opening attachments in phishing simulations.
- Rewards: positive actions, like correctly reporting phishing.
Incidents and rewards decay over 365 days, so older events affect your score less over time. Even after completing every module and reporting every simulation, the minimum score is 500, not zero. That reflects risks that are outside any individual's control, such as zero-day attacks and third-party data breaches.
How to improve your score
- Complete all assigned training and surveys promptly.
- Use the Report Phishing button on any suspicious message.
- Keep your UTORid and personal account passwords unique and stored in a password manager.
- Keep UTORMFA enabled on all U of T accounts.
Privacy
The SAT platform tracks training completion, phishing simulation results, and your risk score. Central ITS publishes full details of what is collected and how it is used on the SAT Foundations privacy information page.
Help and contacts
- ChemIT (your local help desk): chem.it@utoronto.ca, Lash Miller Building Room LM18.
- SAT program (Central ITS): SAT Foundations project page.
- SAT FAQs: security.utoronto.ca/programs/satp/foundations-project/faq.
- Report a security incident: security.utoronto.ca/report-an-incident.