One Step to a Modern-Day VPN Experience

Commonwealth employees who use the VPN service provided through ITD will transition to a new, more sophisticated VPN platform over the coming weeks.

The new platform will give users much greater flexibility for using VPN while providing a higher level of security than ever before.  It does this by making use of a Universal Identity Service (UIS).  You will hear more details soon about the cool new functionality you can expect.  In the meantime, there is one critical difference you should be aware of and prepare for. 

To connect to the new VPN platform, you will log in through a new UIS website using a (regular) password of your choice.  Each time you log in, the UIS will auto-generate and send to you a one-time access code that will act as your “soft token.”  You will enter that code to complete your login and access the VPN. 

As we make this transition, you will be asked to create an “ITD VPN UIS profile.”  (It’s a quick and easy process.) 

Here’s what to expect:

You will receive an e-mail in the coming weeks with instructions to complete and activate your UIS profile.   

  • Your profile will be pre-populated with your e-mail address.
    • If you like, you can also add a phone number.
  • You will choose the way you wish to receive the one-time pass code each time you access the VPN:
    • By e-mail, or
    • By audio or text to the phone number of your choice.
  • You will also choose/respond to three security questions:
    • This will help secure your profile.
    • It will also enable you to reset your own password for the UIS in the future if you forget it.

Why are we doing this?

This is an important shift to using much more modern technology than the traditional security certificates we have used until now.  Certificates must be downloaded to a specific machine and then renewed periodically as they expire. 

By contrast, the UIS recognizes you each time you log in and immediately sends a fresh, one-time pass code – or soft token – to you by e-mail or phone, as you choose.  (You may have already experienced this process with online services you use in your private life.)  This provides much more secure, flexible, and cost-effective VPN access than is otherwise possible. 

Key dates:

  • Training – July 30 through August 5, 2014
  • Testing  - August 4 through August 15, 2014
  • Migration – September 8 through November 28, 2014
  • Shut down old VPN infrastructure – November 28, 2014 (TBD once all users are migrated)

Additional info:

  • A new ITD VPN Support page with both quick reference and in-depth information will be made available online soon. 
  • ITD’s CommonHelp Service Desk will provide day-to-day support throughout testing and rollout of the new platform. 

Thank you for your patience as we work through this transition.  We look forward to working with you.

Note for Agency Security Officers: Agency Security Officers will continue to enroll employees in the process for gaining VPN access.  With the new platform however, you will use ITD’s COMiT ticketing system instead of InTempo.