Information Technology Services (ITS)

UTORMFA to replace eTokens for high security applications

Published on: November 18, 2021

Information Security is pleased to announce that eToken authentication for high security applications that use AdminVPN, including AMS, Repository of Student Information (ROSI), ROSI Files, Rocket Shuttle, StarRez and Unit VPNs, will migrate to the University of Toronto’s (U of T) multi-factor authentication (MFA) solution, UTORMFA, on Nov. 27 between 1:45 p.m. and 4 p.m. As part of this transition, these applications will be unavailable during this time.

Access to student information via ROSI Express will be uninterrupted over the weekend of Nov. 27.

All other eToken applications (i.e., those that don’t require AdminVPN) are already UTORMFA-enabled. To login with UTORMFA simply click “Send me a push” on the weblogin page.

UTORMFA, powered by DUO, is a software-based MFA method that authenticates logins via prompts sent to a user’s phone. This authentication method is secure, easy-to-use and quick to set up. UTORMFA has already been adopted by over 12,000 U of T community members. If you haven’t already done so, sign up for UTORMFA today.

Key project details:

Cisco AnyConnect configuration update
In preparation for the migration on Saturday, Nov. 27, local IT administrators will have deployed an updated Cisco AnyConnect AdminVPN profile to users’ computers. After the deployment, users will see the current AdminVPN (port.eis.utoronto.ca) and the new AdminVPN (admin.vpn.utoronto.ca). This new admin.vpn.utoronto.ca will be fully activated on Saturday, Nov. 27 after 4 p.m.  Please continue to use port.eis.utoronto.ca until this date. 

Migration details
After Nov. 27, eTokens will no longer be issued to new users. These users will need to be onboarded with UTORMFA instead. While some applications may continue to accept eToken, we highly recommend that users switch to UTORMFA as soon their application is supported. Please keep your eToken and return it to your eToken administrator in January or February 2022. Your eToken administrator will then forward it through interoffice mail to Information Security for secure disposal.

Digital signing
Anyone using eToken Digital Signing will have to move to an alternative electronic signature solution before February 2022. No new eTokens will be issued after Nov. 27, 2021, and new staff members will need to use an alternate solution for electronic signatures.

Project dates

Aug. 29, Sept. 12 — AdminVPN migration testing successfully completed for Cisco AnyConnect.

Nov. 3 — All eToken users must sign up for UTORMFA.

Nov. 8 — IT administrators will update all Cisco AnyConnect AdminVPN user profiles.

Nov. 26 — IT administrators will update all Digital Workplace user profiles.

Nov. 27 (after 4 p.m.) — IT administrators will activate admin.vpn.utoronto.ca for all AdminVPN users and applications (including AMS, ROSI, ROSI Files, ROSI Express, Rocket Shuttle, StarRez and Unit VPNs).

Nov. 27 — All users will use UTORMFA to access the new VPN, and eTokens will no longer be issued.

Dec. 8 — port.eis.utoronto.ca VPN will be deactivated, and IT administrators will start removing the profile from the Cisco AnyConnect drop-down menu.

February 2022 — eToken retirement. eToken administrators will collect eTokens to be sent to Information Security for secure disposal.

Learn more about this process and watch a recording of a past Connect+Learn session. You can also visit Information Security’s website for more information about the eToken migration project.

Enroll in UTORMFA today!

If you require assistance, please contact your local IT administrator or your campus help desk: