Two-Factor Authentication is a security process in which the user provides two means of identification when accessing IT resources, one being a password and the other being a token which is either produced via a small (key-ring size) hardware device (‘hard token’), or a client application or smartphone device (‘soft token’).
Regardless of the type, each assigned token displays a six digit code that changes every sixty seconds. These codes are synchronized with the user account on an authentication server. The user must provide a valid password and correct token code to authenticate and access an application. In addition, agencies may choose to require user to create an RSA passcode. Users would then be required to provide a passcode + token to be authenticated, adding an additional level of security.
Features and Descriptions
SID 700 Token
The RSA SecurID 700 is a small key fob that connects easily to any key ring and fits into a user’s pocket or small carrying case.
Software Token
The RSA SecurID Software Token is an application that is installed on a desktop, laptop, or smart phone. The application displays the current token code for the user to enter when accessing a resource requiring two-factor authentication. The Software Token can be paired with screen reading software such as JAWS and NV Access to support the needs of the vision impaired users.
**All tokens have an expiration date of 3 years. When tokens expire, the agency would need to purchase new tokens.
Google App Authentication
Two-factor authentication can be implemented on most web application currently protected by the SiteMinder single sign on service. When a user attempts to log in to the application they will be prompted for their AD username and password. After successful AD authentication the user will then be prompted to provide their token code to complete authentication process.
VPN Authentication
When using two-factor authentication to create a Virtual Private Network (VPN) session via the Cisco AnyConnect VPN client, the user is prompted for their AD username and password along with their RSA username and token code. The user will only be allowed to create the VPN session once both a valid password and token code are produced.
Desktop Authentication
Two-factor authentication may be added as an additional level of security for users authenticating to their desktop computers. The user will be prompted for their network username and password along with their token code. The user will not be able to access their computer without providing a valid password and token code.
Protecting other applications or resources
If an agency wishes to implement two-factor authentication on other applications or resources, additional costs for development and project management time my be required. Contact the product manager for more information.
Ordering and Provisioning
Agencies who wish to implement two-factor authentication should contact the Enterprise Information Security Office (EISO). The EISO will work with the agency to determine their requirements and develop an implementation plan.
DTS Responsibilities
DTS is responsible for the setup and maintenance of the infrastructure required for two-factor authentication including the authentication server and any interfaces accessing the server.
Agency Responsibilities
Agencies will be responsible for assigning and managing tokens for their users. An agency designee or designees will be trained on how to access their users on the authentication server and assign, revoke or change tokens.
DTS Service Levels and Metrics
In an effort to improve service to our customer agencies, DTS will measure and report on the following enterprise metric goals:
- Application Availability
- Resolution Time
- Initial Response
- First Contact Resolution
- Customer Satisfaction Surveys
Application Availability
Application availability measures DTS’ efforts to ensure agency key business applications meet the percent of availability goals identified in the agency Service Level Agreements (SLA). DTS will determine application availability based upon the collective measurement of the configuration items (both hardware and software) which are determinant to supporting the agency business services applications. These metrics will be reported each month by agency with a cumulative report showing DTS’ efforts over several months and posted to the DTS Metrics web page at https://dts.utah.gov/metrics/index.html.
|
Metric Description |
Target |
|
Two-Factor Authentication |
100% |
Times exclude those tickets in a “Pending” status waiting a known bug fix.
Resolution Time
Resolution time measure DTS’ efforts to resolve customer incidents within the timelines set below based upon urgent, high, medium and low priorities. These metrics will be reported each month, by agency, with a cumulative report showing DTS’ efforts over several months. These reports will then be posted on the DTS Metrics web page at: https://dts.utah.gov/metrics/index.html.
|
Total Time to Resolution |
Target: Percent of Tickets Meeting Priority Timelines |
|
Low priority – 6 Business hours |
90% |
|
Medium priority – 4 Business hours |
90% |
|
High priority – 3 Clock hours |
90% |
|
Critical priority – 3 Clock hours |
90% |
Initial Response
Initial response measure DTS’ efforts to respond to customer incidents within the timelines set below based upon urgent, high, medium and low priorities. These metrics will be reported each month by agency with a cumulative report showing DTS’ efforts over several months. These reports will then be posted on the DTS Metrics web page at: https://dts.utah.gov/metrics/index.html.
|
Time to Initial Response |
Target: Percent of Tickets Meeting Priority Timelines |
|
Low priority – 1 Business hour |
85% |
|
Medium priority – 1 Business hour |
85% |
|
High priority – 1 Clock hour |
90% |
|
Critical priority – 30 Clock minutes |
95% |
First Contact Resolution
First contact resolution measures DTS’ efforts to resolve customer incidents on initial contact with either our help desk or a technical specialist. These metrics will be reported each month, by agency, with a cumulative report showing DTS’ efforts over several months. These reports will then be posted on the DTS Metrics web page at: https://dts.utah.gov/metrics/index.html.
|
Metric Description |
Target |
|
First Contact Resolution |
65% of all incidents reported resolved on initial contact |
Customer Satisfaction Surveys and Reporting
All users/customers whose technical incidents are resolved by DTS staff will be given the opportunity to respond to an on-line survey regarding their level of satisfaction with the support received from DTS. Responding to the survey is voluntary.
The chart below identifies DTS enterprise goals for customer satisfaction. Cumulative monthly reports will be created displaying the customer’s level of satisfaction with DTS support. These reports will then be posted on the DTS Metrics web page at: https://dts.utah.gov/metrics/index.html.
Customer Satisfaction Target
|
Metric Description |
Target |
|
Average level of satisfaction with resolution efforts |
≥ 4.5 on a scale of 0 – 5 |
|
Percentage of respondents expressing satisfaction (vs. dissatisfaction) |
93% of respondents satisfied |
