Multifactor authentication and its companion solution, single sign-on, are components of identity and access management, an approach that seeks to better control who is on a network and what they can access. MFA requires that users identify themselves with more than a login and password; factors can include biometrics (such as a fingerprint or face recognition scan), location information, a physical smartcard or security key, or a simple tap on an authenticated device.
SSO allows people to log in to a system with one set of credentials to access multiple applications. Both solutions typically provide high visibility to administrators, so they can easily add and remove users and give them access to only the tools and information for which they are authorized.
These technologies are now considered essential elements of a zero-trust environment, meant to keep universities and their constituents safe from bad actors.
“Many universities have been using these types of identity and access management technologies for a long time, but there are a couple of things that are changing simultaneously,” says Jesse Goldhammer, managing director in Deloitte’s cyber and strategic risk practice. “One is that the threats that universities face are getting a lot more sophisticated. The other is that university technologies are often using a mix of on-premises and cloud resources. And for the most part, they are highly decentralized, making it a lot more complex to use IAM tools.”
As Marian and other schools experienced, the complexity of the overall IT environment is just one factor in a successful MFA and SSO rollout.
RELATED: The top 3 reasons to modernize your university’s IAM program.
A Successful MFA and SSO Rollout Requires Campuswide Support
Stanley began his journey to MFA by surveying what his colleagues were doing.
“We have 32 Independent Colleges of Indiana schools, and almost everyone was using Cisco Duo,” he says. “We’re a Cisco shop. We use Cisco products very heavily in our switching, access points, routers and firewalls. It made sense to go with Cisco. The pricing was right for us, as well as the integration.”
The school first launched Duo’s MFA solution to 1,400 faculty and staff members.
“I introduced the concept at a faculty assembly, and I got pushback at first,” Stanley says. “I explained that they were already using MFA every day, when they log in to their back accounts or when they get a text and have to enter a code. I also addressed their concerns and configured Duo so that you authenticate once and you’re set for the entire day.”
Stanley continues, “After those initial steps, we got it rolled out very quickly without much broken glass. There were a ton of questions the first week. Once those were resolved, the rollout was uneventful. Everything worked like it should.”