University of Toronto Logo

Information + Technology Services

Small normal big

Implementation Plan

The completion of the eToken project will provide a service for issuing and managing of high assurance login credentials that can be used in a variety of ways. The following describes the project steps. Please refer to this section regularly for updated information. The following listserv has been set up for business process and technical discussion:

etoken-l@listserv.utoronto.ca

Subscribe by sending an email to listserv@listserv.utoronto.ca and in the body of the message:

SUBSCRIBE etoken-l firstname, lastname

Questions can be sent to the eToken project team at:

auth.admin@utoronto.ca

Project Update – May 1, 2015

 

The SecurID service end-of-life has been set to June 30, 2015. All current users of SecurID must be issued eTokens and desktop client software be installed/updated by this time. There are some applications that will require additional work before the eToken switchover but these are small in number. Please review the following information for business and IT staff:

For department/division eToken administrators:

  1. You will need to enroll all existing SecurID card holders using the eToken management software tool SAM.
  2. If you use the eToken billing application, then new eToken holders must be entered.
  3. Please contact auth.admin@utoronto.ca for blank eTokens.
  4. When issuing eTokens, please retrieve active SecurID cards for storage or de-activation.
  5. If you need assistance during the migration, please contact auth.admin@utoronto.ca.

For department/division IT staff:

The desktop software installation procedures are described below under the Aug. 19, 2014 update. If you need assistance during the migration, please contact auth.admin@utoronto.ca.

 

Project Update – Aug. 19, 2014

 

The SecurID expiration date of October 31 is approaching quickly. Please review the following information for business and IT staff:

For department/division business staff:

Business staff at departments and divisions should have received information on the new eToken product including lists of affected staff and eToken management requirements. A number of department staff have received demonstrations and training on eToken management. The billing application, intended for use by departmental staff to manage the chargeback for the eToken service is now available – documentation at:

http://main.its.utoronto.ca/its-units/isea/etokens/for-department-administrators/etoken-department-administrator-procedures/

If you have any questions regarding eToken management or are missing information, please email: auth.admin@utoronto.ca Some further information:

  1. New SecurID card availability will be phased out in Sept. and Oct. as the eToken deployment proceeds.
  2. ETokens must replace SecurID cards expiring on Oct. 31. For SecurID cards that expire later, they can continue to be used if desired. If it is desired to replace all SecurID cards, please inform the project staff at auth.admin@utoronto.ca. No refunds on existing SecurID cards is available.
  3. ISEA can enroll eTokens for departments/divisions for the Oct. 31 expiry event if desired. They will be delivered by Aug. 31, 2014.
  4. On-site eToken management training and demonstrations is available – please request by email to auth.admin@utoronto.ca.
  5. Please return expired or unexpired (if not being used) SecurID cards to Information Security, ITS, 4 Bancroft Ave. for recycling/re-use.

 

For department/division IT staff:

There are a number of changes to desktop client software  that are required. Here is a step-by-step procedure which can be used in together with the application docs in the ‘technical’ section on this site at: http://main.its.utoronto.ca/its-units/isea/etokens/technical-information. This process can take from 10 min. to 45 min. depending upon the client needs.

  1. Install the SafeNet Authentication Client.
  2. Install the Cisco AnyConnect client. Start the client and set the server name on the client to port.eis.utoronto.ca.
  3. The remainder of these notes are specific to clients users may or may not use. Once completed, there will be two sets of desktop icons: one set for SecurID access, the other set for eToken. Either method can be used until the securID card expires.
  4. If ROSI HostExplorer is used, upgrade the client to version 14, install service pack 10, install the hotfix. See the technical doc for configuration.
  5. If SAPgui is used, a set of desktop icons is added – no software change is required.
  6. If Rocketshuttle is used, change the configuration as described in the technical docs.
  7. If ROSI Express is used, then the browser may or may not need configuration. IE needs no configuration, Firefox may need configuration to use the eToken, Chrome needs no configuration.

 

Replacement of SecurID – Feb. 15, 2014

 

The eToken device will replace the SecurID card in use today. The migration of SecurID to eToken is described as follows:

  1. The cost of the eToken service is as follows: $33 per year per staff member who is assigned an eToken. Note this is a savings of 20% over the cost of the SecurID card. Chargeback forms will be sent to departments on May 1 of each year. SPECIAL:  For the initial rollout of eToken, the cost for the first year, 2014, will be half price – $16.50 and a billing date of Nov. 1 2014.
  2. Departments can continue to use the SecurID cards that they have purchased for their staff for as long as they are valid. The next major renewal date for SecurID cards is October 31, 2014 when 1500 SecurID cards will expire. This year, holders of those cards will be issued an eToken to replace the SecurID card. Departments wishing to issue eTokens to staff sooner than the SecurID expiry date or to take advantage of the special price may do so.
  3. The services that are now accessible via SecurID are accessible via eToken with the following exceptions – the ROSI Express and the AMS Nakisa applications. Integration with these apps is expected to be complete in the next couple of months. Users who migrate to eToken during that time can keep their SecurID cards if necessary to access those services.
  4. There is no change to the processes of assigning authorization to ROSI and AMS applications.
  5. Departments can choose to issue eTokens to their staff that need them. There is a web application that can be used to that purpose – see the link in the menu ‘For Department Administrators’  for more information. It is suggested that the eToken ‘Department Administrator’ be chosen from the business or administrative staff since the issuance and use of eTokens is a chargeable item. In a large department, it is advisable to choose two or three such staff to cover for vacations and absences.
  6. The Information Security group will endeavor to assist with the eToken deployment this year, if necessary, by creating eTokens for staff and sending them to departments for distribution.
  7. Departmental IT staff should review the desktop client requirements in the Technical Information section. Most of this work can be done well in advance of users switching to eTokens from SecurID.