IT solution center
192 Parks Library
Since March 2018, everyone using web-based campus applications such as Outlook or Cybox has been signing in via the Okta identity and access security platform, but not everyone is using multifactor authentication to do so. On March 1, it will be mandatory.
"If people do not take action prior to March 1, they will be prompted and required to enroll on that date," said Mike Lohrbach, director of enterprise services and customer success for information technology services (ITS). "We really recommend that employees enroll before the deadline."
Multifactor authentication (MFA) adds another step to the Okta login process and another layer of defense against cyberattacks that can compromise university systems and individual accounts.
MFA provides a one-time authentication code during the login process to verify the user's identity. Users have five factors to choose from when setting up MFA in Okta, including:
- Okta Verify mobile application
- Text message
- Phone call
- Google Authenticator
- Physical "YubiKey" token (similar to a USB drive)
Only one method is needed to sign in, but Lohrbach said users should activate multiple options. For example, if a user is unable to receive a text or access the mobile app, a phone call to his or her office number would be an option. Users select their preferred authentication method on the Okta login screen.
Users can activate and edit MFA choices on their Okta dashboard (login.iastate.edu).
"If someone hasn't enrolled, there will be an icon on their Okta dashboard that says 'activate multifactor authentication,'" said Darin Dugan, ITS identity services manager.
He said users should have all of their devices on hand when activating MFA, including phones, tablets and computers. Email on mobile devices will need to be reconfigured after activation, and Android users will have to use the Outlook mobile app.
"Be in your office or wherever you have the factors available, then click the icon and go through the process," Dugan said.
When signing in on single-user computers and devices, employees can select "do not challenge me on this device again" to skip the MFA step when using that web browser in the future. This is NOT recommended for shared or public-use computers.
Instructional videos and PDFs with step-by-step procedures for activating MFA are available on WorkCyte's "Ready, Set, Learn" page. Help also is available through the IT solution center (192 Parks Library, 294-4000, email@example.com) and local IT staff.
"Please read the information on the activation page carefully, and if you have questions and concerns, we highly recommend contacting your local IT personnel," Lohrbach said. "Issues with activation should be reported to the IT solution center."
Lohrbach and his team are working closely with IT colleagues in university units to get the word out about the March 1 deadline. Employees, especially supervisors, can help by sharing reminders -- for example, at office meetings.
More than 2,500 employees already activated MFA. New employees starting on or after Jan. 23 are required to use MFA. New students for the summer and fall semesters will be required to activate MFA, and all students will be required to use it by the end of 2019.
- Okta secure login debuts March 1, Feb. 22, 2018
- Get a feel for Okta as an early adopter, Jan. 25, 2018
- Another tool for cybersecurity, Nov. 2, 2017
- New platform will provide portal to multiple applications, April 20, 2017