Two-factor authentication replacement (Duo) project

ID: 295672
96 %

Status

Project is 96 % complete, starting on Tue 10/10/17 and ending on Fri 1/18/19.

In Process [In Process]

96% complete, updated on Fri 12/7/18 11:04 AM by Mary Brooks

Changed percent complete from 95% to 96%.
Accomplishments:
> Continued rewriting Cluster Mgmt (wrapping up) and Quick Links (in progress) Grails apps
> Prepped for and held project check in on 12/6 11:15am, reviewed and ordered all maintenance activities; implementation tasks will take place between 7:30am-5:00pm on 12/19
> Continued refining and sending communication/KB/Service Desk information/notifications for upcoming Duo roll out; supplied Duo info at open houses
> Continued user enrollments in Duo ~8,000

Plans:
> Continue rewriting 7 applications written in Grails that will not work with CASv5 - 1-Cluster Mgmt, 2-Quick Links, 3-Grade Change Alert, 4- Online Courses Fraud Alert, 5-Change of Program, 6- iPlan, 7-PersonalInfo (if app still needed)
> Project check in on 12/13 11:15am; all maintenance activities to be added/updated on TD ticket # 4959518
> Continue refining and sending communication/KB/Service Desk information/notifications for upcoming Duo roll out; supply Duo info at departmental events as needed
> Continue user enrollments in Duo
> Duo and CAS5 Enterprise go live date is 12/19/18; 12/19/18-1/18/19 project warranty period, decommission CASv3

Details

Dates
Tue 10/10/17 - Fri 1/18/19
Acct/Dept
Information Technology Services
Service
IT Security & Policy / IT Security Overview
Type
Change / Software Upgrade
Health
Green - On track
Portfolio(s)
Classification
Fixed Schedule
Requirements
This is to replace the existing two-factor authentication system with a commercial product. Once installed, we will work to transition all web logins for all Miamians to require two-factor authentication.

Must haves:
Duo is the preferred solution. It is cloud-hosted, so no additional hardware or software should be needed beyond software to integrate the solution with CAS
Two-factor solution for users who don’t have smart phones
Admin VPN and Linux hosts will be required to move to Duo support
Open two-factor will be turned off/removed
Communication to the University must be exhaustive including:
Faculty
Current, New, and Transfer Student communications
Parents
Service owners/administrators (applications currently using CAS)
Regionals
All others
Open Two-Factor needs to be decommissioned to move everything using TFA currently (VPN, Linux, etc)
Onboarding guides for Students and Staff
Training for Solution Delivery Support and Blackboard support staff
HybridAuth (authentication cloud deployment)

Nice to haves:
Windows users will be required to use Duo
Created
Wed 11/29/17 2:37 PM
Modified
Fri 12/7/18 11:04 AM
mu.prjct.Regulatory
Is this project required to meet a regulatory requirement (legislation, law, etc) that cannot be accomplished with current process.
No
Project Team Name
Project Team Name with multiple choice list. More than one selection may be added.
Agile Ninjas
East
Enterprise Operations
Pi
Pirates
Security, Compliance and Risk
Solution Delivery Support
Star Blazers
The Sharks
while(sprint)doWork();
Solution Delivery
Suggested Solution
Have you researched a solution to the issue? Will additional hardware or software be needed? What are the benefits to the end users?
Yes, and Duo is the preferred solution. It is cloud-hosted, so no additional hardware or software should be needed beyond software to integrate the solution with CAS

Value Engineering

Architectural Significant Change
Will this project significantly change and application or infrastructure?
Yes

Description

This is the replace the existing two-factor authentication system with a commercial product. Once installed, we will work to transition all web logins for all Miamians to require two-factor authentication. Elimination of phishing attacks against our users and a significant decrease in, if not elimination of, compromised account tickets for the help desk. We typically average around 1,000 of those tickets per year.

Intangible Benefits

Elimination of phishing attacks against our users, and a significant decrease if not elimination in compromised account tickets for the help desk. We typically average around 1,000 of those tickets per year. 

Manager(s)

Stakeholders (10)

BS
Assoc VP Stdt Enrollment Serv
Consulted, Informed
EMSS representative
Mon 3/5/18 10:46 AM
DW
Director One Stop Services
Consulted, Informed
EMSS One Stop Representative
Wed 11/29/17 3:11 PM
JB
Interim AVP Sec Compl&RiskMgmt
I don't see a clear way to indicate that this will impact all users at Miami.
Thu 8/31/17 11:11 AM
JM
Informed
Bookstore representative
Mon 3/5/18 10:49 AM
PS
Application Analyst/Developer
Informed
EMSS technical representative
Mon 3/5/18 10:47 AM
ST
n/a
Informed
bookstore representative
Mon 3/5/18 10:49 AM
SC
Sr Director of Technology
Accountable, Consulted, Informed
ADOT Representative
Wed 11/29/17 3:10 PM
SB
n/a
Consulted, Informed
EMSS representative
Mon 3/5/18 10:47 AM
Tim Jones
Sr Dir AdvctInfoSyst&Analytics
Informed
Advancement representative
Mon 3/5/18 10:48 AM
Tim Kresse
DirStdt Aff(s) Bdgt/Technology
Informed
Student Affairs representative
Mon 3/5/18 10:48 AM