Confirm your sign-on verification factors prior to dashboard change

As announced last month, Information Technology Services (ITS) is transitioning the university's sign-on dashboard from Okta to Microsoft. Faculty and staff can anticipate a change in August to how they log in to university systems. And to get ready, they should take care of a few tasks yet this month to minimize any interruptions in the transition.

"We are shifting the sign-on dashboard and multifactor authentication (MFA) to Microsoft, which gives us security benefits and creates a more seamless environment with the university's other Microsoft applications," said Amy Ward, ITS identity services manager. She noted the university first introduced a two-step verification for the log-in process, along with the Okta dashboard, in 2017.

The Microsoft dashboard will look and function much the same as the current Okta dashboard. Employees still will go to login.iastate.edu to sign in to Iowa State apps, complete two-step verification (for example, entering a code received via text) and see a page of their available apps.

For more than a year, the identity services team has been vetting, removing and approving hundreds of apps on the Okta dashboard in preparation for the migration to Microsoft.

Update your multifactor authentication factors

In preparation for the move, employees are asked to confirm or update their verification factors in the Okta sign-on dashboard. In early August, ITS will transfer campus users' verification factors to Microsoft. Before then, all faculty and staff should:

Ward emphasized that not all methods can be transferred.

  • Verification methods that automatically will transfer: SMS/text and voice call.
  • Verification method no longer available: Okta Verify app.
  • Verification method to become available: Microsoft Authenticator app.
  • Verification methods available, but user will need to set up again in Microsoft: Google Authenticator, YubiKey.

In addition, any contact information employees provided for self-service password reset, including a phone number and secondary email, will be transferred.

"A significant effort has been made to prepare for this change and to make it as easy as possible for campus," Ward said. "We'll send a series of emails -- at various checkpoints -- to remind everyone of the steps they need to take and what changes to expect."

July 23: Full email needed to log in

As part of ITS' efforts to update the systems protecting users' digital identities, next week it will implement one of the more noticeable changes for users: requiring a full email address (Net-ID@iastate.edu) at sign-in, instead of Net-ID only, to provide an extra layer of protection for campus. This change will occur on Tuesday, July 23, for logins to all Iowa State services.

When Iowa State implemented Okta in 2017, Ward said the system was customized to allow users to sign in using their shorter Net-ID. With the move away from Okta, this feature will go away.

Project timeline

Most of the changes in ITS' digital identity protection project will occur in the next six weeks, with other milestones in the coming months. Ward said most of her team's work to date has occurred in the background, but starting in August, changes will be more visible to the campus community.

  • Late July: all faculty and staff are encouraged to review and update their MFA methods, making sure they have either SMS text or voice call set up.
  • Early August: Users' MFA factors will be transferred to the Microsoft sign-on dashboard.
  • Mid-August: The Microsoft sign-on dashboard will be available to all of campus and will be the preferred MFA provider. login.iastate.edu will direct you to the Microsoft sign-on dashboard.
  • This fall: Both the Microsoft and Okta sign-on dashboards will be available. The Okta dashboard should be used only as a reference to customize your Microsoft dashboard.
  • Late 2024: Access to the Okta sign-on dashboard will end.

 

Related story: