Educause Security Discussion mailing list archives

Securing the Single Sign-on Portal


From: Josh Flaherty <Josh.Flaherty () INDSTATE EDU>
Date: Tue, 4 Jun 2013 10:35:56 -0400

Greetings,

Perhaps like many others, we are continuously adding applications that can be accessed through our single sign-on portal.  Some of these applications are administrative and provide access to sensitive data.  We are taking a number of steps to reduce the risks associated with the portal but we are wondering what steps other entities are taking?

Do any of you have double or separate factor authentication for critical administrative applications provided within the portal?

Below are some of the things that we have/are effecting:

* An "I have read this" checkbox containing security best practices upon first logon
* Signs in security awareness campaign
* Targeted announcements
* Separate factor authentication for our main administrative application (although I am told the new version of Banner that we are going to no longer support separate user accounts)
* Portal/Application timeouts

Thanks,

Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University

