The Identity and Access Management (IAM) environment across the UW System is extremely fragmented across its institutions, with each campus providing a different architecture and technical solution. From a campus perspective, the environment is comprised of legacy scripts and custom code creating a large amount of technical debt that is difficult to maintain and challenging to adapt to modern cloud architectures. From a system-level perspective, the environment provides a complex user experience with significant barriers to collaboration across campuses. Furthermore, the bi-directional nature of identity generation (students flow up from local campus Student Information System and faculty/staff flow down from the central Human Resource System) makes it extremely challenging to reconcile identities/accounts across campuses.
The transition to Workday HR from PeopleSoft provides an ideal opportunity to introduce an enterprise-grade, best-in-class platform to dramatically improve the overall flow of data, improve the user experience, and streamline local campus identity management solutions.
After extensive research and a hands-on proof-of-concept, the Okta platform was selected. Okta will enable UW System to retain its federated nature with a hub/spoke architecture to simultaneously achieve both campus-level benefits and system-level benefits.
Current work includes implementing Okta Identity Providers at all UW institutions, except UW-Madison.
- UW System is scheduled to go live on August 15, 2023, with its Okta Identity Provider and Okta Verify.
- As of August 7, 2023, UW-Whitewater has gone live with its Okta Identity Provider.
Most institutions are electing to transition to Okta Verify as the multi-factor authenticator solution during their Okta Identity Provider implementation.
Future work will include:
- utilizing the Okta platform to provision user accounts,
- reducing complexity, and
- improving identity data processing.
Okta Help & Instructions
Frequently Asked Questions
Will my applications require any changes?
No. The login and MFA screens and processes will change. Applications will remain accessible via the new login process and do not need to be reconfigured or changed.
Will I still need to use the WAYF or Wisconsin Discovery Page to select my institution?
Yes. When accessing systemwide applications you will continue to utilize the WAYF page which will route you to our new Okta login for authentication and MFA before access to the application is provided.
Will YubiKey’s be available?
If you are currently using a hardware token on a regular basis you may receive a new YubiKey.
Can I use my own YubiKey (WebAuthn/FIDO2) Security Key (Google Titan Key, etc.)?
Yes, WebAuthn/FIDO2 security keys are user managed and you may use your own
Is SMS or Phone Call MFA available?
SMS and Phone calls are weaker MFA methods. Both methods can be made available to those with business or accessibility needs. Please contact the Help Desk for assistance.
Will I be able to access the login globally?
No, logins will be restricted in countries that are considered high-risk.
Does installing the Okta Verify client on my device mean it will be subject to open record requests?
The contents of strictly personal communications (texts, emails, voice messages) or data are not subject to the Wisconsin Public Records Law simply by using the app to verify your identity. Strictly personal means that it is not related to university business. If you were using your personal device to conduct university business (such as responding to emails, texting a colleague about a work-related issue or leaving or receiving voice messages on work-related subjects, or accessing university digital assets) those communications which relate to the university business could be subject to the Wisconsin Public Records Law or could be the subject of a university-related subpoena. The contents of your personal communications that do NOT involve university business would not be subject to the Wisconsin Public Records law or to a university-related subpoena for university business records.
Do I need to be connected to the Internet for Okta Verify to work as an MFA factor?
Okta Verify is the recommended authentication method. To successfully install the app, you must be connected to the internet. However, after setting the application up, the 6-digit codes can be used offline.
Are Hardware tokens available?
Everyone will be encouraged to use an Android, iOS, MacOS, or Windows device that is configured with the Okta Verify app. It is recommended that multiple devices be configured so a backup is available.
YubiKeys will be available under the following circumstances:
- To accommodate the accessibility of a user.
- When a user lacks a smartphone.
- To support a user who works in a location without connectivity.
- When there is a business requirement or need.
Where can I find the client for Okta Verify?
Please use the following download links:
Windows university owned devices go to Software Center.
Windows non-university owned devices
Additional information can be found at OKTA KB.