To help combat the threat of phishing scams, data breaches, and compromised passwords, and give you an improved user experience, CIT is transitioning to a new service called Okta to handle single sign-on and ObieID password self service.

Password Self Service

With Okta as a foundation, CIT will be able to support additional security improvements including multi-factor authentication, but for the fall of 2019, CIT will primarily focus on Okta's password self service function.

You'll notice a few key improvements, designed to make your single sign-on experience easier and expand your options to protect your digital life:

With the introduction of Okta, CIT will continue adding more services to its single sign-on ecosystem. That means when you log in to one service, like Blackboard, you'll automatically be logged into lots of other services as well, like GSuite, Banner Self Service, Degree Works, and more. You'll have to enter your username and password many fewer times each day, streamlining your work.

Keep in mind that one log in allows access to a lot of your private information, so remember to log out of web browsers completely when you're using a computer in a lab or other shared environment.

OCPass allowed you to recover your password using a secondary email address or an SMS-capable phone number, but Okta expands on this idea and also allows you to recover your password via a voice call. Enter a phone number and Okta will call and give you an audio code to listen to that you can use to verify your identity.

Unlike OCPass, Okta has built-in password recovery, right from the login page.

Instead of requiring you to head out to a separate website, change your password, and go back to what you were doing, you can use the Need Help tab to change your password as soon as you forget it:

Image shows a screenshot of the login page with the "Forgot your ObieID or Password?" link highlighted.

Once you have created your account, you will be taken to the Okta Self Service account page. This is the page you will visit when you need to reset your password in the future. You can return to the Okta account page through the Manage my ObieID Account task in OberView.

Deferring the Enrollment Process

If you encounter the Okta enrollment page at an inconvenient time, you defer your initial enrollment and continue to log in normally. To do so, choose the "I do not have a secondary email address" radio button in the first section and click Create My Account at the bottom. You will be reminded on the first of the month to enroll.

Using an Email Client

If you use a desktop or mobile email client such as Mail, Thunderbird, or Outlook, you will be prompted for the same enrollment when you use your app. The app will also ask you to authenticate again once every 30 days.

If you have trouble enrolling for the first time while using your app, we recommend going to a web browser and initiating your enrollment from the Manage My ObieID Account task in OberView instead.

Multi-Factor Authentication (MFA)

Passwords are no longer enough: we need Okta multi-factor authentication (MFA) to protect our financial data, our student data, and our research data, and also to protect the reputation of the College. Each year, sophisticated “phishing” schemes and other tactics lead to hundreds of ObieID accounts becoming “compromised” (accessible to unauthorized people), and that number continues to increase. Nationally, other universities have been adopting MFA for several years, and it’s time for us to join them. It’s our responsibility as good “digital citizens” to protect the data entrusted to our care.

MFA, powered by Okta, protects your ObieID account by verifying your identity with two forms of ID:

  • Something you know, such as your password.
  • Something you have, such as a passcode, a phone, or even a mobile app.

Some services, like your bank or healthcare portal refer to this as multi-factor login, two-step authentication, two-step verification, or login verification.

An authentication factor is a category of credential used for identity verification. For MFA, each additional factor is intended to increase the assurance that an entity requesting access to some system is who they are declared to be. The two most common categories are often described as something you know (the knowledge factor) and something you have (the possession factor).

When setting up Okta, Oberlin College will ask you to establish a relationship between your knowledge factor (your password) and a possession factor: the Okta Verify app, Google Authenticator, or a hardware token such as a YubiKey.

Passwords are not enough. They can often be stolen, guessed, or hacked, and you may not even realize your password has been compromised. With Okta MFA on your account, a compromised password doesn't have to mean a compromised account.

  1. Go to OberView (https://oberview.oberlin.edu) and launch the Manage My ObieID Account task.
  2. Enter your ObieID and password and click Sign In.
  3. Click on your name in the upper right portion of the menu bar. Click Settings.
  4. Scroll down to the Extra Verification section and click on Setup beside the factor you would like to use. Okta provides on-screen instructions on how to set up each factor.

Right now, MFA is not required to access any Oberlin system. In the future, however, CIT will begin to require MFA for many accounts.

You can increase the protection of your private data by choosing to enroll in MFA early.

CIT Support during the Transition

The transition to Okta is a significant change and we want to ensure that you have the support you need to get logged in right away.

Help Desk Support

On Tuesday, October 22, the CIT Help Desk staff will be available via phone beginning at 1:00 AM EST and phone support will continue until 9:00 p.m. EST. If you'd prefer to get help in person, staff will be in the Academic Commons on the main level of Mudd Center on Tuesday from 8:00 a.m. until 5:30 p.m.

Our professional and student staff members can assist you with setting up your password recovery options, walking you through how to change your password if you've forgotten it or it has expired, or getting multi-factor authentication set up for your account. They can also help if you need to defer your enrollment.

If you're returning to campus after Fall Break, we'll have extended hours over the weekend as well.

Self-Help Options

If you would prefer to use a knowledge base article to get answers to your Okta questions, try any of the following resources:

How to Enroll in Okta Password Self Service

How to Enroll a Departmental or Organization Account in Okta Password Self Service

How to Voluntarily Change Your ObieID Password using Okta

How to Change Your Forgotten or Expired Password Using Okta

Multi-Factor Authentication FAQs