Secure Remote Access Frequently Asked Questions



Download 36.83 Kb.
Date21.06.2017
Size36.83 Kb.
#21289



Secure Remote Access

Frequently Asked Questions


Updated: April 29, 2015

Background



  1. Why is CHI implementing Secure Remote Access?

Every day passwords are stolen, cracked, phished, guessed, bought, sniffed, captured or leaked. Cybercriminals have compromised Anthem, Sony, Target, Home Depot and Gawker (and many more). Passwords are not enough for protecting login credentials - that’s why CHI is introducing Secure Remote Access.


  1. I enrolled in CHI Secure Access Two-factor Authentication in 2014. Is this the same program, do I need to enroll again?

Secure Remote Access, a tool requiring two factors for user authentication from Duo, is not the same as Two-factor Authentication (from Microsoft) that was used at CHI in 2014. User information cannot be transferred from the Microsoft tool to the Duo tool. However, ITS used the user feedback from 2014 to select this new tool - it includes a “remember my device” feature and users can authenticate even when they’re offline, with mobile apps, or just landlines. Feedback from physicians and clinicians, during initial proof of concept testing for Secure Remote Access (two-factor authentication from Duo), has been overwhelming positive.


  1. Am I required to use Secure Remote Access?

Yes, once you are enrolled in Secure Remote Access, you will be required to use two-factor authentication by Duo.


  1. I know how to avoid phishing email messages, why do I need to use this?

Unfortunately, experience has shown that people are not as good at recognizing malicious email as one might think. Every day, members of the CHI community fall prey to these kinds of scams. We have to take steps to ensure that we are more than just a single click away from having data stolen or becoming a victim of identity theft.


    How it Works

  1. How does Secure Remote Access work?



Secure Remote Access uses 1) a person’s username and password (something you know) and 2) an additional login verification (something you have) such a mobile app, phone (cell or landline) or pre-issued passcode (for those times when cell or internet coverage is not available). Once you've enrolled in Secure Remote Access you're ready to go: You'll login as usual with your username and password, and then use your device to verify that it's you.
Your user name and password are the same ones used to login to your computer to begin work, as well as for Inside CHI, Webmail and Standard Time and Attendance; also known as your CHI Windows/CHI Network/Active Directory, or AD account username and password.


  1. What kinds of devices can I use with Secure Remote Access?

There are four physical devices that you can use to provide the second factor of two-step authentication. Each device has one or more authentication methods available.


DEVICE tYPE

Authentication Options

Supported Platforms

Smartphone

  • iOS

  • Android

  • Windows Mobile

Tablet

  • Duo Mobile push notification

  • Duo Mobile passcode

  • iOS

  • Android

  • Windows Mobile

Mobile Phone

  • SMS text message

  • Phone call

  • Mobile phones with SMS text messaging capability

Landline

  • Phone call

  • All phones



  1. Will I continue to login remotely from the same web address? Is anything else changing?

Yes, you will continue to log in using the same web address as before. The look of the login screen may change, but after you login, the application will look and feel and the same.


  1. How often will I be required to login Secure Remote Access? Will my session time out?

You will be required to use Secure Remote Access every time you login, unless your device is registered as a “remembered device.” Your session is active for the same amount of time as it was before, based on the guidelines set for each individual application.
Note: When exiting Citrix applications, you will need to go to Settings and click “Logout;” simply closing out of your session will not log you off the system.



    When to Use Secure Remote Access



  1. What is considered remote access?

Secure Remote Access currently is needed only for remote access to Citrix applications accessed at webapps.catholichealth.net and acis.catholichealth.net. It will be added for remote access to other applications in a phased approach. Remote access includes:

  • Clinics that don’t reside on the CHI network

  • Remote clinicians checking on a patient, working from the office or home

  • Transcriptionists and others working remotely

  • Third parties/business partners (examples: Conifer, Allscripts Support)

  • Commuters and travelers

  • Using the CHI guest network



  1. Is the VPN required to use Secure Remote Access?

    VPN access will not require Secure Remote Access at this time; it is currently needed only for Citrix applications.



  1. How do I get VPN access?

    VPN access, called “Client VPN,” can be configured for CHI employees using CHI devices. Contact the ITS Service Desk (866-236-0441 or 720-875-7500 in Denver).



  1. Will I be still be required to use VPN for certain applications, just as I am today, if I use Secure Remote Access?

    Yes, you will continue to use VPN just as you do today; VPN requirements are not changing with Secure Remote Access.



  1. Are Outlook Webmail (OWA) and Inside CHI required to use Secure Remote Access?

No, at this time, OWA and Inside CHI are not required to use Secure Remote Access. However, Included in a future phase of Secure Remote Access.



Enrollment

  1. How does enrollment work?

Online enrollment is easy and takes less than five minutes. For Citrix applications (webapps.catholichealth.net and acis.catholichealth.net), users will begin using Secure Remote Access as soon as they enroll. Examples of some commonly used Citrix applications include, but are not limited to, Allscripts, Cerner, Clinician Valet, Epic, Extranet, PACS, Powerchart, Meditech, McKesson and MD Valet.


  1. How will I know my enrollment was successful?

    Secure Remote Access begins immediately after enrollment. You will be prompted to use Secure Remote Access as soon as you enroll.

    Tips for Using Secure Remote Access



  1. Do I have to use Secure Remote Access every time I log in to Citrix?

Secure Remote Access allows you to remember a device for 60 days. You can approve any computer that you commonly use and will not be required to provide two-factor authentication confirmation until next month. For example, if you have a desktop and a laptop, you can approve both computers as trusted devices and not have to confirm your identity with a phone until the following month.


  1. Do I need a smart phone to use Secure Remote Access?

No. Secure Remote Access provides a great deal of flexibility and you do not need a smart phone to use it. The recommended smart mobile phone option makes two-factor authentication extremely easy, but a lot of other easy options exist as well. Secure Remote Access can send a text message to a regular cell phone or place a voice call to your office landline phone or cell phone.


  1. What if I don’t have a cell phone?

If you don’t have a cell phone, Secure Remote Access allows you to use your landline phone. You would receive an automated phone call that requires you to hit any button to confirm your identity.


  1. What if I don’t have a data plan on my phone? What if I don’t have a connection?

The Secure Remote Access smart phone app provides options that work without a data plan, a texting plan or even a connection, if necessary. The app can generate the required code without need of either a telephone signal or data plan, and it can do so anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as a pushing a single button, but if you don’t, you can use the app to generate a six digit code and enter that instead.


  1. Can I set up Secure Remote Access on more than one phone?

When you are doing your initial setup, you may add as many phones as you like (landline and/or mobile). After that, when you are logging in you can choose which line Secure Remote Access will send the authentication request to (via smart phone app, SMS text message, or phone call depending on what you chose).


  1. What is the Manage Devices button? Can I use that to add more devices?

Yes, you can use the Manage Devices feature to add, remove, or change the devices that Secure Remote Access can use to verify who you are. However, you can’t alter your current device without contacting the ITS Service Desk 866-236-0441 or 720-875-7500 in Denver). For example, if you get a new phone for your existing phone number, you should contact the ITS Service Desk for assistance. Note that, when the ITS Service Desk adds your device, you will not need to go through the setup screen – the ITS Service Desk will send you the needed codes directly from Secure Remote Access.


  1. I have a new phone and the Secure Remote access app stopped working. What should I do?

If you get a new phone, even if the Secure Remote Access app is restored from a cloud backup, it will lose its association with your account. If the phone number of your new phone is the same, you can still authenticate using the phone call or sms option, but the push option will not work until re-activated.
You can re-activate your new phone with the Manage devices option. First, ensure that you still have access to any of the phone numbers enrolled in Secure Remote Access. Set the authentication option to Phone Call and then select Manage devices. The phone you chose should ring, and you will need to answer, and hit any key to authenticate. From here, you can select the phone number of your new phone (assuming it’s the same phone number) and under Actions, select Activate Duo Mobile. This will prompt you to scan in a new QR code from the Duo app.


  1. Can I use Secure Remote Access smart phone app internationally?

The Secure Remote access smart phone app is designed to work internationally. If you install the app, it can generate the required code without need of either a telephone signal or data plan, and it can do this anywhere in the world. If you have a signal and data plan, the app makes two-factor authentication as easy as a pushing a single button, but if you don’t have one of those two things, you can use the app to generate a six digit code and enter that manually.


  1. What happens if I set up my browser to clear cache/cookies after exiting?

The “Remember your device for 60 days” option uses a persistent cookie. If you clear cookies after you log off of the browser, the device will not be remembered and you will have to confirm your identity again when logging in.


  1. What if I forget my phone at home?

You can contact the ITS Service Desk (866-236-0441 or 720-875-7500 in Denver).

They will verify your identity and provide a temporary passcode.




  1. What if I lose my phone?

Contact the ITS Service Desk 866-236-0441 or 720-875-7500 in Denver) immediately and they will lock your Secure Remote Access account to prevent malicious activity.


  1. After confirming a legitimate login attempt, I'm stuck on a strange two-step screen. Why?

Logging in with Secure Remote access requires that JavaScript is enabled. If it is not, your attempt to log in will fail and your screen will look like this:

If you encounter this issue, disable any JavaScript blocking plugins or browser settings (or include an exception for scripts from duosecurity.com) and attempt to log in again.




  1. I stopped receiving push notifications from Secure Remote Access on my phone. What should I do?

You may have trouble receiving push requests if there are network issues between your phone and the Secure Remote Access service. Many phones have trouble determining whether to use the WiFi or cellular data channel when checking for push requests, and simply turning the phone to airplane mode and back to normal operating mode again often resolves these sort of issues, if there is a reliable internet connection available. Similarly, the issue may be resolved by turning off the WiFi connection on your device and using the cellular data connection.
Check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync date and time automatically with the network.
If neither of these suggestions work, then the simplest resolution is to contact the ITS Service Desk 866-236-0441 or 720-875-7500 in Denver) to request re-activation of Secure Remote Access.


  1. I am running iOS 4.3 (or lower) and I am not able to install Secure Remote Access Duo Mobile 3.1.0 from the App Store on my iPhone. What should I do?

The minimum supported operating system version for Duo Mobile 3.1.0 and above is iOS 6.0. Users installing Duo Mobile for the first time with devices running pre-iOS 6.0 need to download Duo Mobile from the App Store using the iTunes application on a Mac or PC computer. You must be signed in with the same iTunes account you plan to use with your phone.
When the download is complete, open the App Store on your pre-iOS 6.0 device, and install Duo Mobile. You will be prompted with an alert informing you will receive the latest compatible version of Duo Mobile (v3.0.2).
Questions


  1. Where do I go if I have difficulties or questions?

Help is available 24 x 7 by contacting the ITS Service Desk (866-236-0441 or 720-875-7500 in Denver).

Confidential and Proprietary – Catholic Health Initiatives 2015


Download 36.83 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page