Identity and Access Management (IAM)
Stevens Identity and Access Management (IAM) program aims to implement a modern, comprehensive IAM platform on the cloud for the Stevens community, which includes students, faculty, staff, alumni, and affiliates. In its second year of implementation, Stevens IAM currently provides secure and simplified access to a growing list of applications (over 150 applications as of 2022) through one single password (single sign-on or SSO). In line with the Zero Trust Framework, Stevens IAM is undergirded with adaptive MFA, which uses dynamic parameters to further secure user access. With users and businesses increasingly working remotely, traditional security perimeters like firewalls and network boundaries need to evolve. Stevens IAM realizes that identity is now the bedrock of IT security and business processes, and Stevens IAM aims to provide flexible and world-class IT end-user experiences in a dynamic landscape. In its second phase, Stevens IAM will work on improvements to current processes and develop automated de-provisioning.
Benefits & Objectives
Some objectives of our IAM program include the following:
Quick access. The Okta dashboard provides quick and easy access to all applications without having to remember a distinct login URL or password for each one.
Reduce support tickets. SSO reduces the need for IT support requests and password resets.
Better security. Passwords are often targeted by hackers because weak or stolen passwords provide an easy path to gaining unauthorized access. Unfortunately, having many passwords makes it difficult to practice good password hygiene. Since SSO only requires one password, you can focus on creating a stronger password, and fewer passwords mean less risk of one being compromised.
Automation of access management policies. Using an IAM framework makes it easier to enforce policies to maintain secure user and privilege management.
Multi-factor Authentication
Okta provides users with the ability to have a more integrated and seamless MFA experience.
Some of the applications that are using Okta include:
myStevens, Office 365, Box, Workday, Canvas, KnowBe4, Zoom, Apporto, Kaltura, Google Apps, LinkedIn Learning, People Finder, Group Web Spaces, Everbridge, Kuali, Concur, Library Online Resources, and others
If you are unable to use the Okta Verify App for MFA, the following options are available:
Google Authenticator
Voice/SMS
YubiKey Token
Contact [email protected] to get set up with any of these alternative methods.
Types of User Accounts
In order to safeguard Stevens systems protected by the IAM program, there is a separation of types of user accounts to better manage access. The types of user accounts available are as follows:
Staff
Students
Faculty
University affiliates
Pre-College
Emeritus
Long-term guest
Alumni (coming soon)
How to Request New SSO Integration
University partners who want to integrate their proposed new applications into Okta SSO must fulfill the following requirements and follow the procedures below. Please allow up to 15 business days for the SSO integration; we are very busy with these requests and other work and want to ensure your request is completed on time.
Create Stevens Support Request
Note: Application must be compatible with one of Okta’s supported SSO protocols.
On your myStevens homepage, navigate to the Stevens Support Portal application.
Select “Having an Issue?” under the list of services.
On the “Report an Issue” page, please select “Integrations & Data Warehouse” as the category and “Integrations – New” as the sub-category.
In the “Additional Information” section of the request, you should include the following:
Why do you need SSO? Give a description of the application, including but not limited to its business purpose and its intended audience.
Did you reach out to the application’s service provider (SP)? To integrate the application with Okta SSO, both we and the SP must send each other the necessary metadata files. The order does not matter as long as both files are exchanged; however, it is preferred for the SP to provide it first. If the SP has already sent over their side’s SSO metadata files, please attach them. Otherwise, after you submit your request, we will provide our files for you to send to the SP first.
Setting up an integration call with the SP. We request, if possible, to set up an integration call with the vendor so we can test metadata and attribution integration, as well as general SSO login testing. This can also be done through email if that is preferred.
Okta IP Access Policy
In accordance with United States regulations, users may not access Okta services from Cuba, Iran, North Korea, Syria, or the regions of Crimea, Luhansk (LNR), or Donetsk (DNR). Please contact [email protected] with any questions or concerns.
Coming Soon...
Temporary account provisioning for guests and affiliates
Automatic account deprovisioning
Services Provided
If you are looking for how to change your name, gender, or pronouns in Workday, Canvas, or Handshake, please visit the Name, Gender, and Pronoun Changes page.
Multifactor Authentication
Changing MFA method
Resetting passwords
Adding new SSO integrations
Adding shortcuts to the Okta dashboard
Account provisioning for University affiliates
Need IT Support?
Get support through our self-help resources, by contacting IT support, or by visiting TRAC.