
MIT’s Touchstone system to be powered by Okta starting June 17th

“Transitioning to the Okta platform enables Touchstone to provide support for new authentication mechanisms and second factors.”

Starting June 17, Information Systems and Technology (IS&T) will update MIT’s single sign-on (SSO) web authentication service Touchstone to be powered by Okta Identity Engine, “a modern cloud-based and extensible platform,” to protect users’ identities and facilitate app access from any device. 

Touchstone is used by members of the MIT community to access applications and websites associated with the Institute through their personal Kerberos account. Touchstone was previously utilized with Duo Security for multi-factor authentication (MFA). 

After conducting a successful pilot program involving multiple MIT systems and services, IS&T decided to update Touchstone’s configuration on June 17 so that “all Touchstone-enabled systems will use the new Okta-powered single sign-on service.” 

The justification behind the transition is that Okta allows for “new authentication mechanisms and second factors,” which is an upgrade from the “ease-of-use previously offered by MIT certificates and SPNEGO.” IS&T anticipates making these improvements available to the community in the next few months.

Current authenticated users of Touchstone will not be impacted, but new users should expect to encounter some changes. According to IS&T, Touchstone powered by Okta will “continue to support existing applications seamlessly” for current users while “new applications and services requiring Touchstone authentication will be configured to use the new platform.”

Although Okta is functionally similar to Touchstone, there are a few differences between the two. For instance, the login page will be “on okta.mit.edu instead of idp.mit.edu.” Additionally, first-time users of Okta will need to finish “a one-time task to reconnect their login to their account.” Moreover, MIT certificates and Kerberos tickets (SPNEGO) will no longer be supported by Touchstone powered by Okta, leaving the MIT username and Kerberos password as the login method.

More information on the Okta update can be found here.