Password Self-Service and Multi-Factor Authentication
To help combat the threat of phishing scams, data breaches, and compromised passwords, and give you an improved user experience, CIT uses Okta to handle single sign-on, ObieID password self service, and multi-factor authentication.
Password Self Service and Single Sign-On
Okta's password self service function is designed to make your single sign-on experience easier and expand your options to protect your digital life:
- CIT continues to add more services to its single sign-on ecosystem. That means when you log in to one service, like Blackboard, you'll automatically be logged in to lots of other services as well, like GSuite, Banner Self Service, Degree Works, and more. You'll have to enter your username and password far fewer times each day, streamlining your work. Keep in mind that one login allows access to a lot of your private information, so remember to log out of web browsers completely when you're using a computer in a lab or other shared environment.
- Okta allows you to recover your password using a secondary email address, an SMS-capable phone number, or a voice call.
- Okta has built-in password recovery, right from the login page. Instead of requiring you to head out to a separate website, change your password, and go back to what you were doing, you can use the Need Help tab to change your password as soon as you forget it.
Multi-Factor Authentication (MFA)
Passwords are no longer enough: we need Okta multi-factor authentication (MFA) to protect our financial data, our student data, and our research data, and also to protect the reputation of the College. Nationally, other universities have been adopting MFA for several years, and it’s time for us to join them. It’s our responsibility as good “digital citizens” to protect the data entrusted to our care.
MFA, powered by Okta, protects your ObieID account by verifying your identity with two forms of ID:
- Something you know, such as your password.
- Something you have, such as a passcode, a phone, or even a mobile app.
Some services, like your bank or healthcare portal, refer to this as multi-factor login, two-step authentication, two-step verification, or login verification.
An authentication factor is a category of credential used for identity verification. For MFA, each additional factor is intended to increase the assurance that an entity requesting access to some system is who they are declared to be. The two most common categories are often described as something you know (the knowledge factor) and something you have (the possession factor).
When setting up Okta, Oberlin College will ask you to establish a relationship between your knowledge factor (your password) and a possession factor: the Okta Verify app, Google Authenticator, or a hardware token such as a YubiKey.
Passwords are not enough. They can often be stolen, guessed, or hacked, and you may not even realize your password has been compromised. With Okta MFA on your account, a compromised password doesn't have to mean a compromised account.
MFA will be required for all ObieID accounts by the end of the Fall 2020 semester.
Enrolling in Multi-Factor Authentication (MFA)
Before You Begin
Before you begin the enrollment process, make sure you have:
- Your ObieID: your username, beginning with your first initial and ending with the first seven letters of your last name (e.g., jsmith).
- Your current ObieID password.
- A smartphone or YubiKey hardware token. Take a few minutes ahead of time to review the Okta Multi-Factor Options at-a-Glance and decide whether you'll use your smartphone to enroll or would prefer to get a YubiKey.
Enrolling in MFA
1. Go to the Okta account settings page at https://okta.oberlin.edu. Alternatively, launch the Manage My ObieID Account task in OberView.
2. Enter your ObieID and password and click Sign In. When you sign in, you see a message indicating that "You don't have any apps." This is normal. Proceed to Step 3.
3. Click on your name in the upper right portion of the menu bar. Click Settings.
4. Scroll down to the Extra Verification section and click on Set up beside the factor you would like to use. Okta provides on-screen instructions on how to set up each factor.
MFA is required for all accounts, and you must have either a smartphone that is compatible with Okta Verify or a YubiKey to set up MFA. If you are a current faculty member, staff member, or student and require a need-based exemption, or if Okta Verify is not available through the app store in your home country, please contact firstname.lastname@example.org as soon as possible, including your ObieID and a brief explanation in your email. CIT staff will work with you on a case-by-case basis to find the best MFA solution for you.
If you are a graduate, an emeritus professor or staff member, or another category of ObieID account holder, you must either have a smartphone that is compatible with Okta Verify or purchase a YubiKey to continue to access resources using your ObieID account.