To help combat the threat of phishing scams, data breaches, and compromised passwords, and give you an improved user experience, CIT is transitioning to a new service called Okta to handle single sign-on and ObieID password self service.
Password Self Service
With Okta as a foundation, CIT will be able to support additional security improvements including multi-factor authentication, but for the fall of 2019, CIT will primarily focus on Okta's password self service function.
You'll notice a few key improvements, designed to make your single sign-on experience easier and expand your options to protect your digital life:
With the introduction of Okta, CIT will continue adding more services to its single sign-on ecosystem. That means when you log in to one service, like Blackboard, you'll automatically be logged into lots of other services as well, like GSuite, Banner Self Service, Degree Works, and more. You'll have to enter your username and password many fewer times each day, streamlining your work.
Keep in mind that one log in allows access to a lot of your private information, so remember to log out of web browsers completely when you're using a computer in a lab or other shared environment.
OCPass allowed you to recover your password using a secondary email address or an SMS-capable phone number, but Okta expands on this idea and also allows you to recover your password via a voice call. Enter a phone number and Okta will call and give you an audio code to listen to that you can use to verify your identity.
Unlike OCPass, Okta has built-in password recovery, right from the login page.
Instead of requiring you to head out to a separate website, change your password, and go back to what you were doing, you can use the Need Help tab to change your password as soon as you forget it:
Okta Password Recovery Enrollment Experience
Beginning on Tuesday, October 22, you will need to enroll in Okta password self-service before you can access any single sign-on service. You can use Okta to get back into your ObieID account when you don't have your password or it has expired.
When you set up password recovery with Okta, you must provide a secondary (non-Oberlin) email address, an SMS-capable phone number, or a phone number where you can receive voice calls to receive temporary verification codes from Oberlin College. You'll use these codes to verify your identity and help keep your account secure.
The Okta enrollment process is simple — it takes fewer than five minutes to complete.
The single sign-on page you're used to now has a new look and feel. This page will be displayed any time you log in to a single sign-on service such as Blackboard, Degree Works, Banner Self Service, OberView, and more.
1. Enter your ObieID and password (or the username and password for your department or organization account). Click Sign In.
If you do not know your password, you will need to go to https://ocpass.oberlin.edu and change it before proceeding.
2. Enter a secondary, personal email address at which you can be contacted if you ever forget your password. If you do not have a secondary email address, choose the second radio button and continue to the next section.
3. Next, under the Forgot Password Text Message header, select Add Phone Number. Enter an SMS-capable phone number for at which you can be contacted if you ever forget your password. Click Send Code to immediately send a code to that phone. Enter the SMS code you receive and click Verify.
If you do not have an SMS-capable phone number, continue to the next section.
4. If you don't want to recover using SMS, you can instead receive a code via a voice call. This is a good option for staff members who have a phone at their work station. Select Add Phone Number under the Forgot Password Voice Call and enter your phone number. Click Call to immediately call that phone. Listen to the call, enter the spoken code, and click Verify.
5. Click Create My Account.
Once you have created your account, you will be taken to the Okta Self Service account page. This is the page you will visit when you need to reset your password in the future. You can return to the Okta account page through the Manage my ObieID Account task in OberView.
Deferring the Enrollment Process
If you encounter the Okta enrollment page at an inconvenient time, you defer your initial enrollment and continue to log in normally. To do so, choose the "I do not have a secondary email address" radio button in the first section and click Create My Account at the bottom. You will be reminded on the first of the month to enroll.
Using an Email Client
If you use a desktop or mobile email client such as Mail, Thunderbird, or Outlook, you will be prompted for the same enrollment when you use your app. The app will also ask you to authenticate again once every 30 days.
If you have trouble enrolling for the first time while using your app, we recommend going to a web browser and initiating your enrollment from the Manage My ObieID Account task in OberView instead.
Multi-Factor Authentication (MFA)
Passwords are no longer enough: we need Okta multi-factor authentication (MFA) to protect our financial data, our student data, and our research data, and also to protect the reputation of the College. Each year, sophisticated “phishing” schemes and other tactics lead to hundreds of ObieID accounts becoming “compromised” (accessible to unauthorized people), and that number continues to increase. Nationally, other universities have been adopting MFA for several years, and it’s time for us to join them. It’s our responsibility as good “digital citizens” to protect the data entrusted to our care.
MFA, powered by Okta, protects your ObieID account by verifying your identity with two forms of ID:
- Something you know, such as your password.
- Something you have, such as a passcode, a phone, or even a mobile app.
Some services, like your bank or healthcare portal refer to this as multi-factor login, two-step authentication, two-step verification, or login verification.
An authentication factor is a category of credential used for identity verification. For MFA, each additional factor is intended to increase the assurance that an entity requesting access to some system is who they are declared to be. The two most common categories are often described as something you know (the knowledge factor) and something you have (the possession factor).
When setting up Okta, Oberlin College will ask you to establish a relationship between your knowledge factor (your password) and a possession factor: the Okta Verify app, Google Authenticator, or a hardware token such as a YubiKey.
Passwords are not enough. They can often be stolen, guessed, or hacked, and you may not even realize your password has been compromised. With Okta MFA on your account, a compromised password doesn't have to mean a compromised account.
- Go to OberView (https://oberview.oberlin.edu) and launch the Manage My ObieID Account task.
- Enter your ObieID and password and click Sign In.
- Click on your name in the upper right portion of the menu bar. Click Settings.
- Scroll down to the Extra Verification section and click on Setup beside the factor you would like to use. Okta provides on-screen instructions on how to set up each factor.
Right now, MFA is not required to access any Oberlin system. In the future, however, CIT will begin to require MFA for many accounts.
You can increase the protection of your private data by choosing to enroll in MFA early.
CIT Support during the Transition
The transition to Okta is a significant change and we want to ensure that you have the support you need to get logged in right away.
Help Desk Support
On Tuesday, October 22, the CIT Help Desk staff will be available via phone beginning at 1:00 AM EST and phone support will continue until 9:00 p.m. EST. If you'd prefer to get help in person, staff will be in the Academic Commons on the main level of Mudd Center on Tuesday from 8:00 a.m. until 5:30 p.m.
Our professional and student staff members can assist you with setting up your password recovery options, walking you through how to change your password if you've forgotten it or it has expired, or getting multi-factor authentication set up for your account. They can also help if you need to defer your enrollment.
If you're returning to campus after Fall Break, we'll have extended hours over the weekend as well.
If you would prefer to use a knowledge base article to get answers to your Okta questions, try any of the following resources: