University Policies

Page tree

Versions Compared

Old Version 14

changes.mady.by.user O'Neill, Erin E.

Saved on

compared with

New Version 15

changes.mady.by.user O'Neill, Erin E.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This policy applies to all members of the Rowan community who use Rowan services that are protected by Duo two-factor authentication. A list of Rowan services currently protected by Duo is available at go.rowan.edu/duoapplications.

IV.  DEFINITIONS

  1. Two-factor authentication adds a second layer of security to a Rowan Network Account. Some services and websites refer to this second layer of security as two-factor authentication, 2FA, two-step authentication, two-step verification, or login verification. This second form of authentication helps to prevent unauthorized users from accessing an account, even if the password is compromised.
  2. The Duo Mobile app is available for phones and cellular capable devices, both Apple and Android. It is available for free from the Apple App Store and Google Play Store. It allows the user to say “Yes” or “No” to any attempted login to their account for Duo protected services and thereby provides a second factor of authorization for these services.
  3. A phone is a device capable of receiving phone calls or text messages. It allows the Duo system to contact a user by voice or text message in order to ask them to agree to any attempted login and thereby provides a second factor of authorization to services protected by two-factor authentication.
  4. A hardware token is a small device that can generate a passcode which can be used as a second factor of authorization to services protected by two-factor authentication.

V.  POLICY

  1. Employees
    2. Required:
  2. Rowan requires
    3. employees
  3. all individuals, including Employees, Students, Affiliates, Retirees and Alumni to use either the Duo Mobile app or a phone as a method of two-factor authentication. This can be supplemented by the use of a hardware token where necessary, see below.
    4. Optional:
  4.  
  5. Rowan recommends that
    6. employees
  6. all individuals enroll a second device for two-factor authentication
    7. for
  7. to use if their required method is unavailable. This second option may be the other of the two
    8. required
  8. options listed
    9. above
  9. in V.A., or may be a hardware token.
    10. Employees may purchase a hardware token from IRT (visit https://go.rowan.edu/duo) or departments may wish to purchase hardware tokens from IRT for employees
  11. Hardware tokens may be obtained by all Employees, Employee Affiliates with access to HIPAA classified data, Students, and Student Affiliates.  Hardware tokens are not available for Retirees, Alumni or Affiliate Employees who do not have access to
    12. a suitable phone as detailed in section V. A. a.
  12. systems hosting HIPAA data.  Please see Addendum A for more details.
  13. Replacement hardware tokens may be requested once per year in cases of damage or loss.
  14. Department supervisors should consult with IRT regarding purchasing hardware tokens for staff that may need them for access to applications that are required to perform their job. Applications that currently require Duo authentication are listed in Addendum A.
  15. Students
  16. Required:
    Rowan requires students to use a mobile phone, landline phone, or a hardware token as a primary method of two-factor authentication. Students who do not own a smart phone may request a hardware token from IRT. One will be provided for free. Replacements for lost or damaged student hardware tokens must be purchased from IRT. (visit https://go.rowan.edu/duo)
    17. Optional:
    Rowan recommends that students enroll a second device for two-factor authentication for use if their primary method is unavailable. This second option may be any of the three options listed above.
  18. Hardware Token Recycling or Disposal
    1. Tokens may be returned to any designated IRT office for recycling or disposal
    19. . No refunds (partial or full) will be issued for returned tokens.
  19. Training for the applications are listed in Addendum A
    20. Any training involving the applications currently listed listed in Addendum A will require the person attending the training to be enrolled in Duo
    1. .


 ADDENDUM A

  • VPN Services (vpn2.rowan.edu)
  • Citrix Applications, including EMR and CB, accessed through applications.rowan.edu
  • Google Apps
  • Rowan Online Portal (via rowanonline.com)
  • Office365 – this is different from the current desktop and Citrix versions of Outlook, Word, etc. that are currently in use
  • Learning Management Systems Services:
    • Blackboard
    • Canvas (accessed through rowanonline.com)
    • Kaltura
    • One45
    • Echo360
    • Library Resources
      • EZProxy
      • Rowan Federation
      • InCommon Federation
  • Banner 9 Services – Banner Administrative Pages (formerly known as INB), not Self-Service Banner
  • ServiceNow – support.rowan.edu
  • Starfish
  • PageUp
  • TK20
  • Qualtrics – Survey software

...