ITS Multifactor Authentication Rollout for Faculty and Staff a Success

Mar 21, 2019

As part of an effort that will help protect university information and personal data from security breaches, Iowa State University Information Technology Services (ITS) recently completed a campaign to enroll faculty and staff into its new Okta Multifactor Authentication (MFA) protocol.

Identity and access security platform Okta was put in place last year to better protect personal information and identities on campus. MFA — which introduces another step to the login process — became available to campus last March through the cloud-based service, with March 5, 2019, set as the deadline for university faculty and staff to enroll. Over the course of a one-year-long targeted enrollment campaign coordinated by ITS and departmental IT staff across campus, over 9,600 university employees have been registered for MFA.  

“We have accounted for one hundred percent of Iowa State employees in this initiative,” said ITS Director of Enterprise Services and Customer Success Mike Lohrbach. “The greatest challenge was communicating with campus and putting Okta into place in a minimally disruptive way, and it’s the efforts of all ITS employees and departmental IT staff that made it possible. This is a success for campus.”

Iowa State is an attractive target for cybercriminals because of the quantity of research data, personal information, and staff and student accounts it hosts. MFA adds another step to the login process, such as a single-use security code necessary for account access texted to users, or the use of an app installed on a mobile device. 

Using MFA reduces the chance of stolen login information being used to send spam, divert direct deposits, change tuition payments, or cancel registration, all to have funds sent to a hacker’s account or gain access to restricted data.

“Multifactor authentication is critical to protecting individual and university data,” said ITS Identity Services Manager Darin Dugan. “Passwords can be cracked, stolen, or given away. Good secondary factors cannot.”

Since the initial rollout of Okta and MFA, Iowa State has experienced a nearly 50 percent decrease in the number of university accounts compromised by phishing attacks (attempts by cybercriminals to obtain usernames and passwords to access personal information and restricted data), following a seven-year high in 2017.

With all Iowa State faculty and staff enrolled in MFA, the next step for ITS is to enroll students. MFA will be required for new students starting in summer 2019, and for current students, the deadline to enroll will be by the end of the calendar year.

As of fall 2018, there were 34,992 students enrolled at Iowa State, of whom approximately eight percent are already registered for MFA.

Students are encouraged to enroll in MFA ahead of the mandatory registration date by accessing their Okta dashboard at login.iastate.edu. Five additional factors are available to use to confirm a user’s identity through the MFA process: mobile device apps Okta Verify and Google Authenticator, SMS (text messages), voice call authentication, and YubiKey, a device similar to a flash drive.

For assistance with enabling MFA, contact the IT Solution Center (192 Parks Library, 515-294-4000, solution@iastate.edu).