MFA (Multi-Factor Authentication)

Single Sign-on (SSO) and Multi-Factor Authentication (MFA) at RIT

RIT is providing Multi-Factor Authentication to selected RIT information resources. All RIT faculty, staff, and student employees will be affected.

Who will be affected?

All faculty, staff, and student employees will use MFA when logging in to eBiz/myInfo.

What is SSO?

SSO (Single Sign-On) means that you are able to log into multiple RIT resources by entering your main RIT login and password. Currently, eBiz/myInfo requires you to maintain a password just for that resource. With Single Sign-On, you will use your main RIT login and password to access eBiz/myBiz/myInfo. 

What is MFA?

MFA (Multi-Factor Authentication) is a way of ensuring that only you are able to access your accounts on specific applications such as eBiz/myBiz, CLAWS, etc. Today, when you login to your myBiz/eBiz/myInfo account, you provide only a username and your password. Multi-Factor Authentication requires you to provide a second “factor” to prove that it is really you who is accessing your account. That second factor will be provided by Duo.

Many of you already use some form of Multi-Factor Authentication when logging into your personal banking accounts or when logging into your social networking accounts such as Facebook, Twitter, or even Gmail. That additional “factor” may be a number that you receive as a text message, a number that appears on a fob of some type, or even through a phone call in addition to your username and password. Multi-Factor Authentication is becoming more common.

How will RIT provide MFA?

We will be using a Multi-Factor Authentication service provided by Duo. When specific RIT applications are converted to Multi-Factor Authentication, you’ll be required to provide an additional “factor” to log in to that application. That factor can be provided in a number of ways, the most common being a smartphone app or text message, although there’s also the capability to have a token (fob) that generates the factor or even to tie that additional factor to your desk phone. Initially, we will provide Multi-Factor Authentication only to faculty, staff, and student employees.

What will I experience using MFA?

When specific RIT applications are converted to Multi-Factor Authentication, you will be required to provide an additional “factor” to log in to the application. You will receive that factor through a service provided by Duo. How you receive it will depend on which options you’ve selected when you enroll in the service. (Preferred options are a mobile app on your smartphone or a text message.)

Which applications will be converted to SSO/MFA?

We’ve started with CLAWS, an application used by RIT systems administrators. The next application will be myBiz/eBiz/myInfo, which is used by all RIT employees. There is a list of the applications that will be converted to Multi-Factor Authentication below. All applications, notably Exchange (mail), WILL NOT be converted at this time.

When will this conversion take place?

At the beginning of the benefits enrollment period, RIT will enable SSO (Single Sign-On) for eBiz/myInfo. At that time, you’ll start using your main RIT account password to access those applications. You’ll also be able to enroll in MFA (Multi-factor Authentication) voluntarily. (Before the winter break, you will be required to enroll in MFA.)

Why are we moving to MFA?

We are moving to Multi-Factor Authentication because it will better protect both your and RIT’s information.

During the 2017-18 academic year, several RIT people had their myBiz/eBiz/myInfo accounts compromised through phishing attacks. Using the compromised accounts, the attacker changed direct deposit bank account numbers so that funds from the RIT employees’ paychecks would have been deposited into someone else’s account. (No one at RIT lost any money, because the Controller’s office began monitoring direct deposit bank account number changes after the University of Rochester was attacked (and lost money) a couple of years ago.)

We are also providing Multi-Factor Authentication to protect student information stored in specific applications at RIT better.

Why will MFA make things better?

At most universities and in the corporate world, the most common way of acquiring passwords and then compromising accounts is through phishing. With Multi-Factor Authentication, even if someone surrenders his or her password in a phishing attack, the attacker will not be able to login to any RIT applications that use Multi-Factor Authentication. Your information will be safer. RIT information will be safer. Many universities and colleges across the world are now moving to Multi-Factor Authentication.

What support will ITS provide?

The ITS Service Desk (585-475-HELP) will be your point of contact for any problems or questions about MFA and Duo. They will be able to help you as needed.

For more information

Duo video explaining MFA (2FA)

ITS how-to information for MFA

 

Applications going to MFA

Application Notes
CLAWS  
myInfo/eBiz/myBiz  
Prosam  
Peoplesoft Subset of users only