App scrubbing precedes sign-on dashboard move to Microsoft

As part of the university's commitment to using a single enterprise system (Microsoft), the sign-on dashboard and multifactor authentication will move from Okta to Microsoft by late summer. The dashboard site itself will look very similar to its current version and the sign-in location (login.iastate.edu) won't change.

"This is about all campus users working together in a secure and functional environment," said Amy Ward, manager of the identity services team in information technology services (IT). "Getting everyone in the same place means we can offer more enterprise options -- those that serve the whole campus."

Any software transition typically includes cleanup to get ready, so Ward and her team have spent more than a year reviewing for security purposes and removing hundreds of applications that were in the dashboard. The next proposed set is about 100 apps scheduled for removal on June 25. Employees or departments who use any of them should plan to transition to approved apps that will remain available, including the Microsoft collection.

Email address, not-Net ID, gets you in

Another change coming with the dashboard migration is that an individual's full ISU email address -- not just Net-ID -- will become the standard for signing in to applications and systems. The first change takes effect on Thursday, June 20, only for those signing in to campus networks via the VPN (virtual private network), typically from off campus. The change takes effect later this summer to provide consistency across all systems, from the sign-on dashboard to ISU's eduroam mobile connection. The campus community will receive more information prior to this change so all Cyclones are aware and sign-ons continue smoothly.

Better security with fewer apps

Apps placed on a removal list never were vetted for security, content or accessibility, Ward said. Some aren't being used at all or perhaps duplicate a service provided by Microsoft or another vetted app. Calendar, email and to-do list apps appear frequently on the removal list. Examples include Fantastical (a calendar app) or Bluemail (an email app). Others slated for removal are personal-use apps that don't serve a business purpose.

"Our goal is to focus our support on the enterprise applications, especially Microsoft," Ward explained. "For example, the functions in Outlook have expanded and improved so much in the last five years. I encourage employees to give these options a chance and to ask about options to fit their needs before requesting another application be installed."

Prior to last May, employees could use their Iowa State email to add applications to the dashboard. That liberty added nearly 2,800 apps to the platform, Ward said, thus the need to reduce the volume prior to the transition.

A window for rebuilding

The identity services team will move an estimated 800 approved apps to the Microsoft dashboard for university users. The late summer/early fall dates for that migration will be chosen with input from colleges and departments, Ward said.

An overlap from when the MS dashboard launches, tentatively late summer, and the Okta dashboard closes (by Dec. 31) will give individuals time to compare the two and manage their apps. Instructions will be shared later this summer.

To maintain the security and usability established in the Okta environment, once an app is removed, employees won't be able to access it with their Iowa State credentials.

What happens during vetting?

The current applications in Okta have been reviewed by a subject matter expert, IT security, IT digital accessibility and procurement (for its terms and conditions). Generally, to be approved an application must:

  • Serve a university business or academic purpose
  • Be in a secure environment
  • Not duplicate a function or service that's available in a vetted app

Questions about the dashboard move to Microsoft may be emailed to identitygovernance.