Multi-Factor Authentication

Multi-factor Authentication (MFA) enhances security by adding a layer of protection to the authentication process.

Description

Multi-factor Authentication (MFA) requires you to verify your identity with something you know (your credentials) and an item in your possession (your device). As a result, MFA effectively prevents unauthorized access, even if your password has been compromised.

The CSU has selected Duo (duo.com) as the multi-factor authentication provider. The multi-factor authentication project will initially roll out Duo for Google Workspace to faculty, staff, and students. Other campus applications will be added to the deployment list to ensure SDSU information and your digital identity is protected.

Goals / Deliverables

Goals

Provide a highly available, scalable, user friendly, integrated multi factor authentication solution for the University.
Enhance SDSU security and privacy posture across the enterprise.

Deliverables

Enable MFA to all SDSU SSO integrated Apps.
MFA website to provide self-support
Identify networks or applications that will require more work to make them "MFA ready"

Timeline

2020	2021
January Duo MFA Project Initiated.	January Initiated Duo MFA communication campaigns and workshops (through March). Enabled Duo MFA for CHR. Deployed Duo MFA Dashboard.
April Developed communication plan with StratComm. Reviewed application policies.	February Enabled Duo MFA for UPD.
May Sent communication to ITD about Duo MFA.	March Enabled Duo MFA for all faculty, staff, and students.
July Enabled Duo MFA for ITD.	April Enabled Duo MFA on MS Exchange. Communication sent to alumni, retirees, and emeriti regarding Duo MFA enforcement. Enabled Duo MFA for Omni CMS.
August Enabled Duo MFA for Foundation.	May Enabled Duo MFA for alumni, retirees, and emeriti. Review of application prioritization and integration.
September Enabled Duo MFA for Campus IT, Procurement, KPBS, and Oracle E-Business users.	June Enabled Duo MFA for Microsoft Azure SSO applications for ITD on June 21. Strategizing to enable Duo MFA on all Microsoft Azure SSO Application campus-wide in Fall 2021. Enabled Duo MFA for Medicat Patient Portal System. Enabled Duo MFA for a smaller subset of users for Repro Store, SDSU Card, and Ellucian CRM Advance.
November Enabled for the Academy.	July ITSO discussed with IT leadership and other stakeholders, including IT Governance Council, plans to enable Duo MFA for all SSO applications. Prepared Communications Plan to enable Duo MFA for campus applications and services. Coordinated with StratComm on deployment of the Duo MFA Communications Plan in August.
December Enabled for COS (Dean's Ofc) and CHHS (Deans' Ofc).	August Enabled for PeopleSoft. Communication reminders sent via State Up to Date (faculty and staff), direct email messages (faculty, staff, and students), and through social media. Enabled for all SSO apps, including Canvas, Zoom, and 0365. List of Duo-supported services is provided here.

RACI

Task/Deliverable	Ricardo Fitipaldi, Interim CISO	StratComm	ITSO	ITUS	Library HUB	IT Leadership	Jerry Sheehan, VP for IT / CIO
Project Management	A		R			C	I
Faculty and Staff Support	C		C	R		C	I
Student Support	C		C	C	R	C	I
Communication Strategy	C	R	C			C	I
Workshops	A		R			C	I
Duo Enabled on Google Workspace	A			R		I	I

RACI Key

Responsible: People or stakeholders who do the work.
Accountable: Person or stakeholder who is the "owner" of the work.
Consulted: People or stakeholders who need to give input before the work can be done and signed-off on.
Informed: People or stakeholders who need to be kept "in the picture."

[email protected]