[CITL] Duo Change

Dewight F Kramer dewight.kramer at ucr.edu
Wed Nov 4 17:38:39 PST 2020 

Good Evening CITL Members,

Summary:
There is a change to DUO that ITS will be making on November 6 around 10PM there is No expected change to user experience.  There are only a few applications outside of ITS that use DUO and if you are one of the units that have such an application and want to test the app before the move please contact the IAM team at: itsiam at ucr.edu<mailto:itsiam at ucr.edu>

Details:
DUO will be forcing a change to the service by activating the Policy and Control Engine globally beginning November 12. ITS is choosing to make the switch on a scheduled time that works for all teams that are involved.  Moreover by doing this change on a Friday night vs a Thursday night if there is an issue we need to address then there is less of an impact and a larger window to fix it.

Risk is deemed low by DUO per DUO's notification which indicates: "The upgrade process is designed to automatically migrate your existing individual application and group settings to new policy objects without any impact to your end-users. There will be no service interruptions during the migration. The migration may take a few seconds to complete." Risk is also deemed low by ITS teams.  IAM (has been in the DUO sandbox since June, test since July tested in CAS,  CWS  tested with MyAccount DUO integration, Network team tested with VPN,  ISO  tested with administrative script.

Although the risk is low if something does go wrong the impact is considered to be high, due to the fact that DUO is used to access a wide range of systems by users.  Also this change has no back out path, once the change is made we must move forward.  We have engaged Duo to see about getting standby support, but at this moment it looks as if our only option is to engage them if something goes wrong, at which time they will get back to us with in a 4 hour window.  We will continue to see if it is possible to have standby support.

If your unit is using DUO to MFA to an application you managed and would like to test the new process, or if you have any other questions about this change please contact the IAM team at: itsiam at ucr.edu<mailto:itsiam at ucr.edu>

Thank you,


Dewight Fredrick Kramer
Chief Information Security Officer
Information Technology Solutions
University of California, Riverside
•  (951) 827-3070| • dewight.kramer at ucr.edu<mailto:dewight.kramer at ucr.edu>
[signature_2034439392]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20201105/7e85e02f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4409329 bytes
Desc: image001.png
URL: <https://lists.ucr.edu/pipermail/citl/attachments/20201105/7e85e02f/attachment-0001.png>

More information about the CITL mailing list