There is growing acceptance that online access services used with high-value applications must provide higher assurance of identity than UTORid plus password alone. Assurance levels classify the technology and practices that limit unauthorized and fraudulent access. They are matched to the value and risk of the application being protected, based on threat-risk analyses of those applications. This site describes new procedures and tools to implement and use high assurance authentication tools and practices for online access to University services such as ROSI, AMS, and others that deal with sensitive information.
The University has used the SecurID product for a number of years to provide high assurance access to the ROSI student records systems and the SAP administrative systems. The service has been effective enough at helping prevent unauthorized access to these applications that there is a need and desire to use it more widely, to protect more services such as enterprise web applications and privileged access to systems. After testing of various technologies, a new product has been chosen to replace SecurID: the SafeNet eToken cryptographic smartcard. The new service will provide a number of improvements over the existing SecurID service at reduced cost. Here is a list of the service's features:
The eToken has been tested to work with a number of web and non-web clients, including Apache and IIS web servers, weblogin (the institution's webSSO service), the SAPgui client and ROSI administrative clients. There is a web-based management application that department staff can use to assign new eTokens, remedy the lost or forgotten token problem, and assist users with usability issues without needing to wait for central support. These features are provided at a per unit cost of 80% of the typical SecurID cost.
The site includes support documentation for business process and technical staff. Both groups are key to the successful operation of online access services, as can be seen from the access system fundamentals section below. If you are a department business person or end user, please use the Business Process Information link on the left. If you have a technical interest in the service, please check the Technical Information link.