MIT IS&T
MIT IS&T
MIT's Touchstone system to be powered by Okta starting on June 17
June 5, 2024
Olu Brown
Share |
Touchstone@MIT

Information Systems and Technology (IS&T) has launched a new version of Touchstone – the Institute’s single sign-on (SSO) web authentication service – now powered by Okta Identity Engine, a modern cloud-based and extensible platform.

Following a successful pilot involving numerous MIT systems and services, IS&T will update Touchstone's configuration on June 17 so that all Touchstone-enabled systems will use the new Okta-powered single sign-on service.

Active sessions will not be disrupted; currently authenticated users will not be affected. Users logging in to a Touchstone-enabled system for the first time after this change will see the updated login screen, which looks and functions similarly to legacy Touchstone, with the following differences:

  • The login page will be on okta.mit.edu instead of idp.mit.edu.
  • The first time you authenticate to an application or service using Touchstone powered by Okta, you will be prompted to complete a one-time task to re-connect your login to your Duo account.
  • Touchstone powered by Okta supports authenticating using your MIT username and Kerberos password, but not MIT certificates or Kerberos tickets (SPNEGO).

See Touchstone powered by Okta in the Knowledge Base for more details, including screenshots.

Transitioning to the Okta platform enables Touchstone to provide support for new authentication mechanisms and second factors, representing an improvement over the ease-of-use previously offered by MIT certificates and SPNEGO. IS&T expects to make these improvements available to the community in coming months.

No action will be required by the developers or integrators who maintain applications and services currently configured to use Touchstone, as Touchstone powered by Okta will continue to support existing applications seamlessly. New applications and services requiring Touchstone authentication will be configured to use the new platform. For assistance enabling Touchstone SSO for an application or service, contact touchstone-support@mit.edu.

Updates on this change will be posted to atlas-status.mit.edu.

If you need assistance using Touchstone, contact the IS&T Service Desk by calling 617-253-1101, emailing servicedesk@mit.edu, or using the chat feature in the MIT Atlas app. 

7 Comments

|Login to Comment on this story

carolin@mit.edu | Jun 17, 2024 | 8:12 AM

MIT-SG

carolin@mit.edu | Jun 17, 2024 | 8:13 AM

Can't log in

carolin@mit.edu | Jun 17, 2024 | 8:13 AM

Can't log in

carolin@mit.edu | Jun 17, 2024 | 8:14 AM

508-259-9231 Having trouble logging into

pog@mit.edu | Jun 21, 2024 | 3:37 PM

As described, it seems we have lost the convenience of using certificates and now have to always type in a password. Could you explain more about how this helps? It's currently unclear why this is "representing an improvement over the ease-of-use previously offered by MIT certificates and SPNEGO"?

jrk@mit.edu | Jul 3, 2024 | 4:04 PM

This change has dramatically increased the friction of authenticating to campus web services: it now requires at least 3x as many manual action steps and page loads to authenticate.

wijtmans@mit.edu | Jul 19, 2024 | 12:05 PM

Is there a way to contact the design team working on updating the system? As an administrative assistant, I've found that many of the recent system updates do not seem to have a mechanism for administrators to act on behalf of their professors. Is there a way to check in if these types of use-cases are being accounted for?