Main Menu Dept. of Technology Services Search

Rate

Two-Factor Authentication
FY17 Rate:
1. SID700 Hard Token (Key Fob) $39.89

2. Software Token (Mobile Phone App) $32.20

3. Server License - (One time cost only) $39.67

4. Tri-Annual Maintenance $40.32 (Paid every 36 months)

*You only need to chose between a Hard or Soft Token. You don't need both.

Order Product/Service

Two-Factor Authentication

Two Factor Authentication

Two-Factor Authentication is a security process in which the user provides two means of identification when accessing IT resources, one being a password and the other being a token which is either produced via a small (key-ring size) hardware device (‘hard token’), or a client application or smartphone device (‘soft token’).

Regardless of the type, each assigned token displays a six digit code that changes every sixty seconds.  These codes are synchronized with the user account on an authentication server.  The user must provide a valid password and correct token code to authenticate and access an application.  In addition, agencies may choose to require user to create an RSA passcode.  Users would then be required to provide a passcode + token to be authenticated, adding an additional level of security.

Features and Descriptions

SID 700 Token

The RSA SecurID 700 is a small key fob that connects easily to any key ring and fits into a user’s pocket or small carrying case.

Software Token

The RSA SecurID Software Token is an application that is installed on a desktop, laptop, or smart phone.  The application displays the current token code for the user to enter when accessing a resource requiring two-factor authentication. The Software Token can be paired with screen reading software such as JAWS and NV Access to support the needs of the vision impaired users.
**All tokens have an expiration date of 3 years.  When tokens expire, the agency would need to purchase new tokens.

Google App Authentication

Two-factor authentication can be implemented on most web application currently protected by the SiteMinder single sign on service.  When a user attempts to log in to the application they will be prompted for their AD username and password.  After successful AD authentication the user will then be prompted to provide their token code to complete authentication process.

VPN Authentication

When using two-factor authentication to create a Virtual Private Network (VPN) session via the Cisco AnyConnect VPN client, the user is prompted for their AD username and password along with their RSA username and token code.  The user will only be allowed to create the VPN session once both a valid password and token code are produced.

Desktop Authentication

Two-factor authentication may be added as an additional level of security for users authenticating to their desktop computers.  The user will be prompted for their network username and password along with their token code.  The user will not be able to access their computer without providing a valid password and token code.

Protecting other applications or resources

If an agency wishes to implement two-factor authentication on other applications or resources, additional costs for development and project management time my be required.  Contact the product manager for more information.

Ordering and Provisioning

Agencies who wish to implement two-factor authentication should contact the Enterprise Information Security Office (EISO).  The EISO will work with the agency to determine their requirements and develop an implementation plan.

DTS Responsibilities

DTS is responsible for the setup and maintenance of the infrastructure required for two-factor authentication including the authentication server and any interfaces accessing the server.

Agency Responsibilities

Agencies will be responsible for assigning and managing tokens for their users.  An agency designee or designees will be trained on how to access their users on the authentication server and assign, revoke or change tokens.

DTS Service Levels and Metrics

In an effort to improve service to our customer agencies, DTS will measure and report on the following enterprise metric goals:

  • Application Availability
  • Resolution Time
  • Initial Response
  • First Contact Resolution
  • Customer Satisfaction Surveys

Application Availability

Application availability measures DTS’ efforts to ensure agency key business applications meet the percent of availability goals identified in the agency Service Level Agreements (SLA).  DTS will determine application availability based upon the collective measurement of the configuration items (both hardware and software) which are determinant to supporting the agency business services applications.  These metrics will be reported each month by agency with a cumulative report showing DTS’ efforts over several months and posted to the DTS Metrics web page at http://dts.utah.gov/metrics/index.html.

Metric Description

Target

Two-Factor Authentication

100%

Times exclude those tickets in a “Pending” status waiting a known bug fix.

Resolution Time

Resolution time measure DTS’ efforts to resolve customer incidents within the timelines set below based upon urgent, high, medium and low priorities.  These metrics will be reported each month, by agency, with a cumulative report showing DTS’ efforts over several months.  These reports will then be posted on the DTS Metrics web page at: http://dts.utah.gov/metrics/index.html.

Total Time to Resolution

Target: Percent of Tickets Meeting Priority Timelines

Low priority – 6 Business hours

90%

Medium priority – 4 Business hours

90%

High priority – 3 Clock hours

90%

Critical priority – 3 Clock hours

90%

Initial Response

Initial response measure DTS’ efforts to respond to customer incidents within the timelines set below based upon urgent, high, medium and low priorities.  These metrics will be reported each month by agency with a cumulative report showing DTS’ efforts over several months. These reports will then be posted on the DTS Metrics web page at: http://dts.utah.gov/metrics/index.html.

Time to Initial Response

Target: Percent of Tickets Meeting Priority Timelines

Low priority – 1 Business hour

85%

Medium priority – 1 Business hour

85%

High priority – 1 Clock hour

90%

Critical priority – 30 Clock minutes

95%

First Contact Resolution

First contact resolution measures DTS’ efforts to resolve customer incidents on initial contact with either our help desk or a technical specialist.  These metrics will be reported each month, by agency, with a cumulative report showing DTS’ efforts over several months.  These reports will then be posted on the DTS Metrics web page at: http://dts.utah.gov/metrics/index.html.

Metric Description

Target

First Contact Resolution

65% of all incidents reported resolved on initial contact

Customer Satisfaction Surveys and Reporting

All users/customers whose technical incidents are resolved by DTS staff will be given the opportunity to respond to an on-line survey regarding their level of satisfaction with the support received from DTS. Responding to the survey is voluntary.

The chart below identifies DTS enterprise goals for customer satisfaction. Cumulative monthly reports will be created displaying the customer’s level of satisfaction with DTS support. These reports will then be posted on the DTS Metrics web page at: http://dts.utah.gov/metrics/index.html.

Customer Satisfaction Target

Metric Description

Target

Average level of satisfaction with resolution efforts

≥ 4.5 on a scale of 0 – 5

Percentage of respondents expressing satisfaction (vs. dissatisfaction)

93% of respondents satisfied