Educause Security Discussion mailing list archives
Re: Deploying MFA
From: "Davis, Kevin" <kedavis () DAVIDSON EDU>
Date: Mon, 3 Jul 2017 17:41:47 +0000
We are beginning to plan our Duo MFA roll-out at Davidson. We’re still developing a plan but current thinking is to take a three-pronged approach: 1) Mandatory for all central IT staff for RDP/ssh/SSO logins 2) For staff with known sensitive data access, mandatory for applications containing those data, more nuanced for others 3) Optional for all other faculty/staff - again, we may leverage some of Duo’s policies for certain use cases As a small college with high-touch support expectations, I’m expecting hands-on support for group (2), but fortunately that group is small, less than 100 people. We have the luxury of offering 1-to-1 outreach to these individuals to help them enroll. Of the key applications that we want to protect, we just finished moving one from local auth to SAML/ADFS, and have held up deploying SSO on the other until we could implement multifactor for groups (1) and (2) above. We have a separate project to roll out SSO to most of our other applications so will be looking to pull MFA along with it. Kevin -- Kevin Davis Deputy CIO & Director, Core Services Davidson College ITS On 7/3/17, 1:12 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Reyor, William F." <SECURITY () LISTSERV EDUCAUSE EDU on behalf of wreyor () FAIRFIELD EDU> wrote:
We're getting prepared to roll out Duo here at Fairfield and are using the transition to a new ERP system as a way to boot strap the project and enroll everyone. We studied Yales deployment to benchmark against and found that the biggest challenge is often user communication and creating strategies to avoid user pushback. Thanks, Bill On Jul 3, 2017, at 1:05 PM, James Monek <jmm616 () LEHIGH EDU<mailto:jmm616 () LEHIGH EDU>> wrote: We are looking to deploy MFA at Lehigh University. I’m reaching out to find out how other universities approached this project. During the initial deployment, did you target specific data classifications, at risk systems or large services such as mail. Depending on your scope, was it opt-in or mandatory? How did you capture the second factor? Did you find you had to use different solutions for different applications/services? Jim -- James Monek Director, Technology Infrastructure & Operations Lehigh University - Library and Technology Services P: 610-758-5010 E: jamesmonek () lehigh edu<mailto:jamesmonek () lehigh edu> Follow Lehigh LTS at: Facebook: https://www.facebook.com/LehighLTS Twitter: https://twitter.com/lehighlts TIO Blog: https://wordpress.lehigh.edu/jmm616/
Current thread:
- Deploying MFA James Monek (Jul 03)
- Re: Deploying MFA Reyor, William F. (Jul 03)
- Re: Deploying MFA Davis, Kevin (Jul 03)
- Re: Deploying MFA Hamer, Christian (Jul 04)
- Re: Deploying MFA Joanna Grama (Jul 05)
- Re: Deploying MFA Reyor, William F. (Jul 03)