SSO MFA: Project/Secondary Accounts

*IMPORTANT - PLEASE READ* SSO MFA: Project/Secondary Accounts  

 

As detailed in the latest GMIT Newsletter (sent yesterday - 1st March 2021), which is available to view here: https://it.museums.ox.ac.uk/article/issue-5-spring-2021, the implementation of Multi-factor Authentication (MFA) on our Single Sign-On (SSO) accounts is progressing well. The project is now moving into its final stages with the completion of MFA on personal accounts in March, and then the implementation on Project and Secondary Accounts looking to take place around the middle of April (TBC).

 

Please see: https://itservicesprojects.web.ox.ac.uk/multi-factor-authentication-project for a full overview of the project. 

 

The implementation on Project or Secondary Accounts is a little more complex, and requires considerable thought to ascertain the appropriate course of action for these accounts. Project or Secondary Accounts are those which are utilized by a number of people, either as a shared mailbox or for a specific task or project and as such the use of Multi-factor Authentication on such an account is not really a natural process and has caused a number of questions from the University IT community in respect to necessity and process.

 

It has been determined that MFA *is* required on those Project or Secondary accounts which have an SSO Username/Login attached, with advice given to Local IT departments to investigate whether accounts are in use and whether they need a separate SSO Username/Login to access. Across the Gardens & Museums we have around 200 Project/Secondary accounts, and we will be directly contacting Account Owners to discuss the requirement, use and access on these accounts. We hope that said emails will reach Account Owners within the next 3 weeks, but this work is both unexpected and extensive so please do bear with us.

 

These direct emails will come from the email address it@glam.ox.ac.uk and consist of the following questions

 

  • Is the account still required?
  • How is the account accessed (Outlook; Outlook Web Client)? And how frequently?
  • What it is used for?
  • Who accesses it? Or makes use of it?

 

If you are a Project/Secondary Account owner please do take the time to consider these questions in advance, and discuss within your team as required. If you are the owner of multiple different accounts we will look to send a single email detailing all accounts.