Infrastructure Services

DoIT provides a number of IT infrastructure-related services to Executive Branch State agencies.

Multi-Factor Authentication Services

Service

Description

The Maryland Department of Information Technology (DoIT) offers Maryland state agencies a secure and centrally managed Multi-Factor Authentication (MFA) platform, also known as Identity Access Management (IAM) and Single Sign-On (SSO). The DoIT IAM technology can be used to initiate, capture, record and manage user identities and their related access permissions in an automated fashion. This ensures that access privileges granted according to one interpretation of policy and all individuals and services are properly authenticated, authorized and audited.

Features and Benefits

One of the greatest benefits of Multi-Factor Authentication (MFA) is that it allows organizations to use advanced security options like Single Sign-On (SSO), which is easier for users, but harder for hackers. With SSO, the user performs an initial MFA process. Once that’s done successfully, the user is admitted to their SSO software and can gain access to all their required apps and data without having to enter passwords or credentials each time. This in turn lets users avoid entering passwords multiple times a day, saving them a few minutes of time each day.

MFA requires additional credentials beyond username and password for gaining access to an application, site, or data. There are three basic elements that can be used in MFA:

The user knows (like a password or PIN)
The user possesses (like a smart card or mobile phone)
The user is (as represented by, say, a fingerprint)

Another benefit is to deter social engineering. Social engineering is a technique used by hackers to gain access to people’s data, accounts, or financial information. Through social engineering, hackers will attempt to talk someone out of a password, or other identifying information (like a Social Security number). This might be easy, however when combined with MFA, attempting to talk someone out of a password and the special code sent to their phone is extremely difficult or impossible. More people are conscientious enough to not allow that level of manipulation.

Additionally, MFA services offer improved protection, ensure maximum security and unparalleled protection that doesn’t get in the way of the user experience and productivity.

Department Owner
Infrastructure Services

Service Owner
Ronald L. Mundy
ronaldl.mundy@maryland.gov
410-697-9466

Support Contact
DoIT Service Desk
service.desk@maryland.gov
410-697-9700

Status
Currently offered

Eligible Customers

Enterprise Agencies	Yes
Standalone (Non-Enterprise) Agencies	Yes
Counties	No
Local Municipalities	No
Public	No

Notes:
N/A

Service Prerequisites

Before service can be provisioned, the customer must meet the following requirements.

DoIT Provided Services	Access to the secure-auth portal
Technical	N/A
Non-Technical	Customer needs to have some level of knowledge of application that will be integrated with the multi-factor authentication.

Notes:
Special conditions apply. Applications must support multi-factor authentication.

Scope of Service

This section outlines the area of responsibility between the provider (DoIT) and the customer.

In Scope	Applications that support Multi-Factor Authentication (MFA) integration and Security Assertion Markup Language (SAML 2.0).
Out of Scope	Other requirements may need to be met in order to integrate an application with the MFA platform.
Customer Responsibilities	Customers create security questions and secondary authentication automation methods.

Service Level Agreements

Category	Enterprise Customer	Standalone (Non-Enterprise) Customer
Availability	99.9% Uptime	99.9% Uptime
Capacity	N/A	N/A
Support Hours	8AM - 5PM Monday - Friday	8AM - 5PM Monday - Friday
Maintenance Schedules	N/A	N/A
Upgrades and Refreshes	Planned network maintenance or expected network interruptions are communicated to the customer.	Planned network maintenance or expected network interruptions are communicated to the customer.

Notes:
N/A