WHAT ARE WE DOING?
We will be changing the login prompt of the Fermilab VPN system to allow multifactor authentication as an option. MFA involves the use an RSA token or a YubiKey to access the system. You will NOT yet be required to use MFA for VPN after this change, but you are welcome to try it out if you like. At a future date access to the VPN system will be switched over to requiring MFA.
This change will cause two brief disruptions to the VPN service as described below.
WHAT IS THE IMPACT TO YOU?
1. We expect two brief disruptions to individuals who have open VPN sessions to conduct this work:
- Tuesday, July 9, at 1 pm. (The login prompt will not yet change at this time.)
- Wednesday, July 10, at approximately 10 a.m. (The login prompt will change.)
In both cases, we expect that if you are logged on to the VPN system during the disruption, you will be automatically reconnected. If you are not reconnected, please connect manually as usual.
- This change will not affect the way you are currently use the VPN system.
After the change, you will notice that the new login prompt will provide a drop-down menu to choose one of three VPN groups: SiteVPN, SiteVPN-Yubikey-Cert and SiteVPN-RSA. You can continue using the current VPN system as usual by selecting the SiteVPN group if it is not already selected by default.
WHAT DO YOU NEED TO DO?
If SiteVPN is not selected by default in the “Group” field, then select it from the drop-down menu and connect to the VPN system as usual.
More details on the new VPN prompt can be found at https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0013046
Again, this change will not require you to use MFA for VPN yet.