To help combat the threat of phishing scams, data breaches, and compromised passwords, and give you an improved user experience, CIT is transitioning to a new service called Okta to handle single sign-on and ObieID password self service.
Password Self Service
With Okta as a foundation, CIT will be able to support additional security improvements including multi-factor authentication, but for the fall of 2019, CIT will primarily focus on Okta's password self service function.
You'll notice a few key improvements, designed to make your single sign-on experience easier and expand your options to protect your digital life:
With the introduction of Okta, CIT will continue adding more services to its single sign-on ecosystem. That means when you log in to one service, like Blackboard, you'll automatically be logged in to lots of other services as well, like GSuite, Banner Self Service, Degree Works, and more. You'll have to enter your username and password far fewer times each day, streamlining your work.
Keep in mind that one login allows access to a lot of your private information, so remember to log out of web browsers completely when you're using a computer in a lab or other shared environment.
OCPass allowed you to recover your password using a secondary email address or an SMS-capable phone number, but Okta expands on this idea and also allows you to recover your password via a voice call. Enter a phone number and Okta will call and read you a code that you can use to verify your identity.
Unlike OCPass, Okta has built-in password recovery, right from the login page.
Instead of requiring you to head out to a separate website, change your password, and go back to what you were doing, you can use the Need Help tab to change your password as soon as you forget it.
Okta Password Recovery Enrollment Experience
When you set up password recovery with Okta, you must provide a secondary (non-Oberlin) email address, an SMS-capable phone number, or a phone number where you can receive voice calls to receive temporary verification codes from Oberlin College. You'll use these codes to verify your identity and help keep your account secure.
The Okta enrollment process is simple — it takes fewer than five minutes to complete.
The single sign-on page you're used to now has a new look and feel.
Multi-Factor Authentication (MFA)
Passwords are no longer enough: we need Okta multi-factor authentication (MFA) to protect our financial data, our student data, and our research data, and also to protect the reputation of the College. Each year, sophisticated “phishing” schemes and other tactics lead to hundreds of ObieID accounts becoming “compromised” (accessible to unauthorized people), and that number continues to increase. Nationally, other universities have been adopting MFA for several years, and it’s time for us to join them. It’s our responsibility as good “digital citizens” to protect the data entrusted to our care.
MFA, powered by Okta, protects your ObieID account by verifying your identity with two forms of ID:
- Something you know, such as your password.
- Something you have, such as a passcode, a phone, or even a mobile app.
Some services, like your bank or healthcare portal, refer to this as multi-factor login, two-step authentication, two-step verification, or login verification.
An authentication factor is a category of credential used for identity verification. For MFA, each additional factor is intended to increase the assurance that an entity requesting access to a system is who it claims to be. The two most common categories are often described as something you know (the knowledge factor) and something you have (the possession factor).
When setting up Okta, Oberlin College will ask you to establish a relationship between your knowledge factor (your password) and a possession factor: the Okta Verify app, Google Authenticator, or a hardware token such as a YubiKey.
Passwords are not enough. They can often be stolen, guessed, or hacked, and you may not even realize your password has been compromised. With Okta MFA on your account, a compromised password doesn't have to mean a compromised account.
- Go to OberView (https://oberview.oberlin.edu) and launch the Manage My ObieID Account task.
- Enter your ObieID and password and click Sign In.
- Click on your name in the upper right portion of the menu bar. Click Settings.
- Scroll down to the Extra Verification section and click on Setup beside the factor you would like to use. Okta provides on-screen instructions on how to set up each factor.
Right now, MFA is not required to access any Oberlin system. In the future, however, CIT will begin to require MFA for many accounts.
You can increase the protection of your private data by choosing to enroll in MFA early.
Use a CIT knowledge base article to get answers to your Okta questions: