Rolling out Multi-factor Authentication (MFA) to over 100,000 users at Australia’s largest university might seem like an impossible task, but Andrew Collins and Cameron Duck of Monash University rolled out this functionality across students, faculty and alumni—all in just 100 days.
In the wake of the Silent Librarian phishing attack—which targeted research and medical universities globally and resulted in 31 terabytes of compromised data and over $3.4 billion in costs—user security was top of mind for Monash.
The university started its MFA journey by rolling it out in its existing ADFS environment, but quickly faced user experience issues and core requirements that weren’t being met. This is when they turned to Okta.
Monash meets Okta
With Okta, the Monash team discovered that they could implement much more than just MFA. They were able to migrate all applications from ADFS to Okta, implement Single Sign-On (SSO), and use SCIM provisioning for applications such as Workplace and Slack, and they are now working towards implementing API management in order to integrate with MuleSoft. Okta also brought a user-friendly experience for both signing up and signing in, meeting a primary requirement for the organization.
Once fully deployed, Okta’s cloud-hosted identity platform also enabled Monash to remove its ADFS infrastructure completely, which eliminated the time spent patching and upgrading the system.
What does a 100-day rollout look like?
The Okta MFA rollout took place in three phases:
- Federate Okta within ADFS (1 day)
- Migrate all applications from ADFS to Okta (34 days). This included creating a migration schedule, allocating migration windows, conducting pre-migration testing, and training users.
- Roll out MFA to the organization in its entirety (100 days)
For the third phase, Monash realized that they needed a group of pilot users to test the system and act as their advocates in the university. They engaged the executive team, cashing in on their interest in keeping the institution secure.
Following the pilot program, the team set up a two-week opt-in period to encourage early adoption. And for the rollout, they ensured that users were fully supported with thorough documentation, FAQs, instructional videos, and active support staff.
Sweet migration success
Within the first 100 days, Monash’s IT team rolled out MFA to 100,000 users — no small task when users include not only faculty, but also students and alumni. Their advice to anyone looking to roll out MFA to a large user base is simple, but important:
- Establish who you will affect with this change
- Engage the support of your executive team
- Plan ahead and design a comprehensive rollout strategy
- Choose the factors that best align with your user needs
- Support your end users throughout the journey and beyond
- Develop policies that mandate the use of MFA
To date, Monash has a total of 170,000 users in Okta, 130,000 MFA users, and over 250 applications. As the team looks ahead to the future, they will continue to work with Okta to further secure their organization with features like behavioural policies and WebAuthn. And we look forward to helping them get there.
You can watch the Oktane19 video below to get full details on Monash’s implementation story. If you’re considering making the move to MFA, read our whitepaper on the 7 Things to Consider Before Making the Switch to MFA.