JLab Continues Rollout of MultiFactor Authentication

JLab Continues Rollout of MultiFactor Authentication

Background

If you work with sensitive information, you may be impacted by the upcoming rollout of multifactor authentication (MFA) in Jefferson Lab’s computing environment. In order to better protect data and systems at the Laboratory, and in collaboration with a broader initiative across the DOE complex, Jefferson Lab is rolling out MFA to staff and users with access to sensitive information. MFA usually combines a pin or a password with some kind of hardware token or card, which makes it more difficult to compromise an account. The Lab is rolling out a version of MFA that requires a PIN+smartcard token.

What does this mean for you?

Jefferson Lab already has implemented MFA to protect certain types of sensitive data/systems, such as those on the business services network. In order to comply with the current DOE initiatives and align with best-business practices, the Lab will be enhancing our MFA implementation using an approach that will minimize the impact on Lab mission while reducing risk. We thank everyone who has participated in the surveys over the past few months, in which we have been able to collect valuable information to help identify computers, group directories, and user accounts that should be protected using MFA.

Changes will include requiring MFA for some users, and a split of the group file server into separate areas for Open Science versus Sensitive/MFA-protected information areas. Most staff will require MFA tokens/smart cards for login access to JLab systems. Most non-staff (users, contract services, etc.) will continue to use passwords at this time.

To find out if you will require an MFA token or smart card based on the systems you access, visit: https://misportal.jlab.org/mis/apps/cni/accounts/myMFA.cfm

Upcoming changes

Starting Tuesday, December 13, 2016, the IT Division will begin distributing MFA tokens to those who do not yet have them but will need them, and we appreciate your cooperation in this effort. For your convenience, Helpdesk staff will carry out this distribution on a planned schedule – visiting a number of the lab’s buildings over several days. Staff may also visit the Helpdesk in CEBAF Center to obtain their MFA token at any time. Staff who are available to pick up their MFA token or smart card are encouraged to do so before the end of the year; however, the distribution will continue in January. Although smartcard authentication will not be required before January, we encourage users to begin using their smartcards to login immediately, as it will give us confidence that the system is working and no users will be adversely affected when it becomes required.

During the holiday shutdown, on December 27, 2016, the IT Division will perform the group file server split. Users may experience intermittent outages on December 27-28 while this work is being performed. More information about this work is provided at the link below and will be made available soon.

More Information

For more information, including a card issuance schedule by building, FAQs and details on how these changes will impact you, please visit the following website: https://www.jlab.org/mfa