Support and FAQ

MFA, or Multifactor Authentication Software

MFA is everywhere you look across the modern digital landscape. Its purpose is to safeguard information stored within secured databases and systems. By using multiple factors to verify your identity, we reduce the risks that are associated with having compromised accounts.

MFA is “something you know” (ie: your security questions) or “something you have” (this could be anything from a hard token to a push notification from a mobile device, to a rotating ‘soft token’ six digit code from your phone).

How would I know if I am an MFA user?

Do you work from home, or do you access our network from a remote office? MFA software is most likely required for you. When signing into the Virtual Private Network (VPN) for example, MFA will require you to provide two or more forms of identification for access to the system, this will include your username and password, plus one other authentication factor.

Do I need to set this up on all my workstations?

You only need to set up your cloud account once, successfully. The beauty of the cloud is that you can take it anywhere with you, everywhere you go!

Setup is easiest when you have access to Wi-Fi, a laptop or desktop computer, and you will need your phone. *Your phone will need to have the Microsoft Authenticator app installed.

I already use MFA, why should I set up a ‘cloud’ account now?

If you already had MFA set up before January 2021, you still need to set up your new cloud account now. Prior to 2021, accounts were set up in a different environment which will be decommissioned on May 10th ending MFA access for those accounts. If you work remote in any capacity, you can switch to your cloud account seamlessly by setting up your cloud MFA account via your My Sign Ins page.

My Sign Ins uses cloud-based software, and you only need to set up your cloud account once to be able use it going forward from May 10th. By setting up your cloud account prior to May 10th, you ensure that you access to network tools continues after the May 10th cloud migration.

When do I start using My Sign Ins and stop using the MFA User Portal?

Starting on May 10, 2021 you should be managing your MFA Mobile account from My Sign Ins.

Can I use a personal mobile device for MFA soft tokens and/or authorizations?

It is fine to use personal phones. The app does not use any identifiable information. By default, a push notification will send you an Approval button that you are signing in somewhere. You can deny if you did not sign into anything. That’s all it does.

Will the Authenticator App work on more than one mobile device?

Yes. You can install the Authenticator app on any smart mobile device. Once linked to your work account you will receive push notifications unless you change your default settings.

Login to your My Sign Ins account to make changes.

Is this going to lock me out of my phone?

Your personal device will function the same as it does today. This service does not require you to have Mobile Device Management which is the technology that secures the data on your phone.

Can I use my mobile device without installing the Authenticator App?

Yes. You can choose to receive a text message with a one-time-passcode or token. Just select the Phone – Text option when setting up your account. When you are prompted for the one-time-passcode on the system, you will receive a text message with the code. Login to your My Sign Ins account to make changes.

I use an MFA Hard Token, do I need to set this up?

If you have a hard token, you should call the OCIO Service Desk or send us a service request through the OCIO website. In your request, include the serial number from the token’s label (not the rotating number). By taking this step you are setting up an appointment with OCIO support, and someone will be in touch with you to update your device before the upgrade.

While you do not need to setup your Cloud account on your mobile device, you may still do so if you have a smart phone.

I have VPN with Single Factor, does this apply to me?

We highly recommend establishing a policy in your organization that anyone who is using VPN needs to set up an MFA account.

Will this project force our VPN users to use MFA?

Single Factor is not a part of this project currently. Look for more details to come after this project is done on that specific topic and others.

Why do I need to upgrade to Windows 10?

Upgrading to Windows 10 provides three important benefits: security, supportability, and efficiency. As stated in previous communications, Windows 7 is no longer supported by Microsoft and will receive no future security or feature updates. Having all State of Nebraska computer on the latest operating system ensures that each device will receives the latest security patches. We are also able provide faster and reliable troubleshooting. Essentially this update will provide better service for all State of Nebraska employees.

Should I upgrade my computer myself?

This upgrade is available through the Windows Software Center to any teammates who are wanting to perform the upgrade at their convenience. There are situations when the upgrade should be performed with the assistance of OCIO Site Support.

If any of the following applies to you, please use the Service Portal to create an OCIO Site Support Service Request to ask for assistance:

  • You use a Windows 7 Pro
  • The workstation is an HP (Hewlett Packard) machine
  • The workstation has an add-on graphics card

How do I get Windows 10 Software?

To upgrade your Windows Software, you will need to locate the Software Center which is installed on all State of Nebraska computers. The option to upgrade can manually be triggered in the software center or remotely pushed by OCIO on a scheduled date. This action downloads the upgrade package to the computer and upgrades the operating system in place.

What should I do to prepare my machine for this upgrade?

The majority of the time the upgrade works flawlessly, but we are commonly updating older computers, which means, there are some simple preparations that need to take place.

  • Save all current work. As a precaution, backup important local disk information to a network shared drive.
  • The computer (laptop or notebook) needs to be plugged directly into the network and connected to a power source. This ensures fast, uninterrupted installation.
  • (Optional) Have a backup Device. In rare cases, the computer may take a long time to upgrade due to a stall or will need assistance by site support. Having another device available for a short time could be required to prevent loss of productivity.
  • (Optional) assistance can be requested prior to the installation by placing an OCIO Site Support Service request.
  • (Optional) Restart and close all programs. Just prior to the upgrade it is best to restart the computer and close any programs running in the background.

How do I install Windows 10?

The upgrade can take anywhere from a couple of hours to a half-day, so it is highly suggested to run the upgrade at the end of the day or after business hours. To start the upgrade manually use the following steps:

  1. Click on Windows “Start” button.
  2. Search and select the “Software Center” application.
  3. Select the “Operating Systems” section on the left side menu.
  4. Select “ENT Window 7 to 10 Upgrade vX (latest release)"
  5. Select "Install" and "Install" again on the popup message.

What will happen during the installation process?

The upgrade checks the system requirements, downloads the installation package, and performs the installation. The computer will reboot multiple times and should not be interrupted. You will know the installation is complete when you see the logon screen.

It is possible the upgrade could fail, if this happens then the computer is normally unaffected by the upgrade and will not be updated to Windows 10. If the upgrade fails and the computer is still on Windows 7, please create an OCIO Incident request with the Summary Title “Windows 7 to10 Upgrade failure. Att. System Center”

What should I expect from Windows 10 after the upgrade?

A successful upgrade to Windows 10, build 1809 will have some minor visual differences, but the majority of the operating system will be the same. Some applications may need to perform an update with Windows 10, and it is possible however rare that some software may need to be reinstalled.

What are the features of Windows 10?

Please review the Windows 10 Knowledge Base and Microsoft Windows 10 Tips.

What resources can I access while working from home?

The following services are available online from any device with internet connection. No Virtual Private Network access is required.

Email Access

Exchange Online:
http://outlook.nebraska.gov

Outlook 2016
https://mail.nebraska.gov/owa

Service Desk Public Site:

(Password) Account management, Request a Service or Report a Problem
https://cio.nebraska.gov/servicedesk/index.html

State Teammate Directory:

https://ne-phonebook.ne.gov/PhoneBook/faces/welcome.jsp

E1 (Time Entry):

https://pfc.ne.gov

Geographic Information Systems

NebraskaMap:
http://www.nebraskamap.gov/

NEGIS:
https://gis.ne.gov/portal/home/

Public Meeting Calendar:

https://www.nebraska.gov/calendar/index.cgi

Additional Services: for Devices with Internet

The following services are available online to subscribing customers. To request these services, contact the OCIO Service Desk at 402.471.4636 or 800.982.2468.

Can I access my network files and applications from home?

Whether using a State device, or your home computer, the Virtual Private Network (VPN) brings to your fingertips all of your normal working resources. Being on the VPN allows you to log into your workstation from a remote computer, meaning you get access to all of your files, internal worksites, and applications while working outside of the office.

For new VPN users: Effective March 16, 2020, new VPN accounts will require Multifactor-factor Authentication (MFA) to sign in. Teammates may request VPN and MFA services via the OCIO Service Desk with agency/manager approval.

    If you are already using a device that is connected to the network, use the Service Portal to:

  1. Request VPN Remote Access
  2. Request MFA Service

Or, call the Service Desk 402.471.4636 or 800.982.2468.

I need assistance to access my account

If you already have VPN/MFA access and need help signing in to your account, please call the Office of the CIO Service Desk for assistance 402.471.4636 or 800.982.2468.

Guidance for Teammates: Practicing Cyber Safety during the COVID-19 health pandemic, teleworking

“[We] are seeing a growing use of COVID-19-related themes by malicious cyber actors,” the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) stated Wednesday. “[They] are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic”.

CISA encouraged individuals and organizations to reduce their risk of impact by malicious cyber criminals while the surge in teleworking has increased the use of potentially vulnerable services. In the coming weeks and months, cybercriminals will continue to use the pandemic for commercial gain through ransomware and other malware campaigns targeting Nebraskans and our contacts both at work and at home.

Your actions can make a difference! The following guidance comes directly from CISA’s website (https://www.us-cert.gov/ncas/alerts/aa20-099a). Please share this information among your contacts and teammates as appropriate.

How to Identify Phishing

The NCSC’s suspicious email guidance (https://www.ncsc.gov.uk/guidance/suspicious-email-actions ) explains what to do if you've already clicked on a potentially malicious email, attachment, or link.

  • Authority – Is the sender claiming to be from someone official (e.g., your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
  • Urgency – Are you told you have a limited time to respond (e.g., in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
  • Emotion – Does the message make you panic, fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or attempt to tease you into wanting to find out more.
  • Scarcity – Is the message offering something in short supply (e.g., concert tickets, money, or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.

Safe Practices for Virtual Meeting Platforms

Due to COVID-19, an increasing number of individuals and organizations are turning to communications platforms for online meetings.

Tips for defending against online meeting hijacking:

  • Do not make meetings public. Instead, require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a meeting on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. Change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications.
  • Ensure telework policies address requirements for physical and information security.
  • Applications will not contact end users via email regarding updates.
  • Email notifications should come from an approved State of Nebraska source. If you are not sure of the validity of an email, contact the Service Desk (https://cio.nebraska.gov/servicedesk/index.html) for guidance before taking other action.

This is a fast-moving situation and this alert does not seek to catalogue all COVID-19-related malicious cyber activity but bring awareness to ongoing cybercriminal campaigns. Individuals and organizations should remain alert to increased activity relating to COVID-19 and should use caution, common sense and take proactive steps to protect themselves and others.


Download PDF Instructions

Overview

When receiving a secure message from the State of Nebraska, you will follow directions based on which category you fall under: Office 365 Users, Gmail Users, and everyone else. Please select the instructions below which correspond to your situation. If you need assistance determining this, please contact your email provider or help desk.

Protected messages allows the sender to set specific permissions on a message, such as Do Not Forward or Do Not Print. If you receive a protected email message sent to your Microsoft 365 account or one you have access to in Outlook 365 (not Outlook 2016) or Outlook on the web, the message should open like any other message. You'll see a banner at the top of the message that informs you of any restrictions on the message.

If you're using a different email account or email program, you may receive a notification that you've received a protected message and need to take additional action.

Protected message notification

Reading a protected message with a Microsoft 365 email account in Outlook 365 or Outlook on the web

  • Desktop/Browser:
    1. If you're using a Microsoft 365 email account in Outlook 365 or Outlook on the Web, you shouldn't have to do anything special to read your message.
  • Mobile app:
    1. If you have a Microsoft 365 account and you're using the Outlook mobile app, the message should just open.

Reading a protected message with Gmail

  • Desktop/Browser:
    1. Select “Access Message” to open your message.
    2. Click “Sign in with Google” and sign in to your email account.
      1. If this does not work, please click “Sign in with a One-time passcode."
    3. You'll be redirected to the Gmail sign-in page. Once you sign in, select Allow.
  • Mobile app:
    1. Tap “Access Message” to read your message.
    2. Tap “Sign in with Google” and sign in to your email account.
      1. If this does not work, please click “Sign in with a One-time passcode."
    3. If you get a request for permissions, tap Yes or Allow to view the message.

Reading a protected message with a single-use code (all other email providers)

  • Desktop/Browser:
    1. Select “Access Message” to open your message.
    2. Click “Sign in with a One-time passcode”.
      1. The email to which the secure message was originally sent will receive an 8-digit code. You will have 15 minutes to enter that code.
    3. Click “Continue” to view the message.
  • Mobile app:
    1. Select “Access Message” to open your message.
    2. Click “Sign in with a One-time passcode”.
      1. The email to which the secure message was originally sent will receive an 8-digit code. You will have 15 minutes to enter that code.
    3. Click “Continue” to view the message.

If you get the error: "Authentication did not complete" in Google Chrome, follow one of the two workarounds below to get past this error:

Method 1:  If you choose this method once, you will need to choose it every time.

In the email, right-click and choose "Open link in incognito window" as below:

You should be presented a screen to request the one-time passcode.

Method 2:

Click to open the message, and when you see the prompt that says “authentication did not complete”, click on the lock in the address bar.
Choose cookies (like below):

Highlight the outlook.office365.com cookie and click remove:

Close the tab and go back to the email. Click to read the message again, and you should be prompted to request a one time passcode.
Once you enter the passcode, check the box "This is a private computer. Keep me signed in for 12 hours" to be able to open all encrypted messages from ATG for the rest of the day without having to request another passcode.

 

Didn’t find what you’re looking for?  The Service Portal is available to all @nebraska.gov users and is located at https://serviceportal.ne.gov, or call us directly at 402.471.4636 or 800.982.2468.  Our phones are answered at all times, 3:00PM or 3:00AM by State of Nebraska employees located right here in Lincoln, Nebraska.