SUNY Oswego is taking the next step to enhance campus digital security and protect personally identifiable information and intellectual property. In continuation of the multi-factor authentication (MFA) security initiative the campus has been undergoing with various SUNY Oswego digital applications, Campus Technology Services (CTS) will be enabling MFA on LakerApps, the Google suite of Gmail, Calendar, Drive, Classroom and associated collaboration applications such as Google Chat and Meet.
Implementation schedule
The campus implementation will be staggered across various cohorts. Employees start opting-in at 8 a.m. March 22 with a completion date of March 31. Other cohorts including students, alumni, retirees, and departmental accounts are being scheduled and will be announced at a later date.
Implementation details
Starting at 8 a.m. on Wednesday, March 22, employees will start receiving notifications to configure MFA when they login to any web-based Google app. It will look like the following:
(Image reads: "Don’t get locked out. Your domain will soon enforce 2-Step Verification to ensure better account security.This policy will be enforced from Mar 31, 2023 which means that you will be asked to enter a one time password when signing in. To avoid being locked out of your account please enroll into 2-Step Verification now. A link to learn more about 2-Step verification is included and goes to https://safety.google/authentication/. There is a blue button to enroll or a link to do it later.)
Google MFA works differently than other MFA-enabled applications and will require a separate configuration. Options available are similar to ones you may already be using for other applications including a phone call, text message, or an app like the Microsoft Authenticator app. Employees will have through March 31 to opt-in to the service.
Once you have Google MFA enabled, please note the following:
- When you log in to your primary machine, you will be prompted for MFA the first time you login to a web-based Google app on that device. You can opt to “trust” that device which will stop prompting you for your MFA credentials on that device. You will still be asked for your password.
- You will be prompted for Google MFA verification when you use other devices. If these devices are public computers or ones you do not use on a regular basis, it is recommended to not trust the device.
- Podium computers in the classrooms can not be exempted from Google MFA. Therefore, faculty or staff who teach in a classroom, and log in to Google on the podium computer, will be prompted each time. While you may be able to “trust” a podium computer, the computer will forget the setting by the next day. The exemption for other MFA-enabled applications such as Brightspace will continue.
- Currently configured smartphones and tablets should not be impacted unless accessing Gmail, Google Docs, etc., through the device’s web browser.
Additional information
CTS has additional information and documentation available on the www.oswego.edu/cts/mfa website. Future updates for the project will be made on this website and through the Oswego Today publication.
Additional applications requiring MFA
This morning at 8 a.m., March 21, MFA for the VPN (Virtual Private Network) service was turned on. The authentication has been replaced with the same type of MFA login you see for accessing Brightspace, Banner, and/or myOswego. The login will ask for your password and then for one of your already configured MFA options. No additional configuration on your part is needed for this change.
The next application to enable MFA will be AEFIS (the Assessment, Evaluation, Feedback and Intervention System). The schedule for this will be announced at a later date.
If you have any questions, please contact the CTS Help Desk during normal business hours.
Sean Moriarty
Chief Technology Officer
Campus Technology Services