Service Announcements

MFA is everywhere you look across the modern digital landscape. Its purpose is to safeguard information stored within secured databases and systems. By using multiple factors to verify your identity, we reduce the risks that are associated with having compromised accounts.

MFA is “something you know” (ie: your security questions) or “something you have” (this could be anything from a hard token to a push notification from a mobile device, to a rotating ‘soft token’ six digit code from your phone).

You only need to set up your cloud account once, successfully. The beauty of the cloud is that you can take it anywhere with you, everywhere you go!

Setup is easiest when you have access to Wi-Fi, a laptop or desktop computer, and you will need your phone. *Your phone will need to have the Microsoft Authenticator app installed.

Do you work from home, or do you access our network from a remote office? MFA software is most likely required for you. When signing into the Virtual Private Network (VPN) for example, MFA will require you to provide two or more forms of identification for access to the system, this will include your username and password, plus one other authentication factor.

It is fine to use personal phones. The app does not use any identifiable information. By default, a push notification will send you an Approval button that you are signing in somewhere. You can deny if you did not sign into anything. That’s all it does.

If you already had MFA set up before January 2021, you still need to set up your new cloud account now. Prior to 2021, accounts were set up in a different environment which will be decommissioned on May 10th ending MFA access for those accounts. If you work remote in any capacity, you can switch to your cloud account seamlessly by setting up your cloud MFA account via your My Sign Ins page.

My Sign Ins uses cloud-based software, and you only need to set up your cloud account once to be able use it going forward from May 10th. By setting up your cloud account prior to May 10th, you ensure that you access to network tools continues after the May 10th cloud migration.

Starting on May 10, 2021 you should be managing your MFA Mobile account from My Sign Ins.

Yes. You can install the Authenticator app on any smart mobile device. Once linked to your work account you will receive push notifications unless you change your default settings.

Login to your My Sign Ins account to make changes.

Your personal device will function the same as it does today. This service does not require you to have Mobile Device Management which is the technology that secures the data on your phone.

Can I use my mobile device without installing the Authenticator App?

Yes. You can choose to receive a text message with a one-time-passcode or token. Just select the Phone – Text option when setting up your account. When you are prompted for the one-time-passcode on the system, you will receive a text message with the code. Login to your My Sign Ins account to make changes.

If you have a hard token, you should call the OCIO Service Desk or send us a service request through the OCIO website. In your request, include the serial number from the token’s label (not the rotating number). By taking this step you are setting up an appointment with OCIO support, and someone will be in touch with you to update your device before the upgrade.

While you do not need to setup your Cloud account on your mobile device, you may still do so if you have a smart phone.

We highly recommend establishing a policy in your organization that anyone who is using VPN needs to set up an MFA account.

Single Factor is not a part of this project currently. Look for more details to come after this project is done on that specific topic and others.

The following services are available online from any device with internet connection. No Virtual Private Network access is required.

Email Access

Exchange Online:
http://outlook.nebraska.gov

Outlook 2016
https://mail.nebraska.gov/owa

Service Desk Public Site:

(Password) Account management, Request a Service or Report a Problem
https://cio.nebraska.gov/servicedesk/index.html

State Teammate Directory:

https://ne-phonebook.ne.gov/PhoneBook/faces/welcome.jsp

E1 (Time Entry):

https://pfc.ne.gov

Geographic Information Systems

NebraskaMap:
http://www.nebraskamap.gov/

NEGIS:
https://gis.ne.gov/portal/home/

Public Meeting Calendar:

https://www.nebraska.gov/calendar/index.cgi

Additional Services: for Devices with Internet

The following services are available online to subscribing customers. To request these services, contact the OCIO Service Desk at 402.471.4636 or 800.982.2468.

• Personal File Share Service: See our Service Catalog to learn more about this service offering: https://nebraska.sharefile.com
• Nebraska Video Conferencing: See our Service Catalog to learn more about this service offering.

Whether using a State device, or your home computer, the Virtual Private Network (VPN) brings to your fingertips all of your normal working resources. Being on the VPN allows you to log into your workstation from a remote computer, meaning you get access to all of your files, internal worksites, and applications while working outside of the office.

For new VPN users: Effective March 16, 2020, new VPN accounts will require Multifactor-factor Authentication (MFA) to sign in. Teammates may request VPN and MFA services via the OCIO Service Desk with agency/manager approval.

If you are already using a device that is connected to the network, use the Service Portal to:

1. Request VPN Remote Access
2. Request MFA Service

Or, call the Service Desk 402.471.4636 or 800.982.2468.

I need assistance to access my account

If you already have VPN/MFA access and need help signing in to your account, please call the Office of the CIO Service Desk for assistance 402.471.4636 or 800.982.2468.

Infrastructure Security Agency (CISA) encourages individuals and organizations to reduce their risk of impact by malicious cyber criminals while the surge in teleworking has increased the use of potentially vulnerable services. Cyber criminals continue to seek commercial gains through ransomware and other malware campaigns targeting Nebraskans and our contacts both at work and at home.

Your actions can make a difference! The following guidance comes directly from CISA’s website (https://www.us-cert.gov/ncas/alerts/aa20-099a). Please share this information among your contacts and teammates as appropriate.

The NCSC’s suspicious email guidance (https://www.ncsc.gov.uk/guidance/suspicious-email-actions ) explains what to do if you've already clicked on a potentially malicious email, attachment, or link.

• Authority – Is the sender claiming to be from someone official (e.g., your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
• Urgency – Are you told you have a limited time to respond (e.g., in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
• Emotion – Does the message make you panic, fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or attempt to tease you into wanting to find out more.
• Scarcity – Is the message offering something in short supply (e.g., concert tickets, money, or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.

An increasing number of individuals and organizations are turning to communications platforms for online meetings.

Tips for defending against online meeting hijacking:

• Do not make meetings public. Instead, require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a meeting on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. Change screensharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications.
• Ensure telework policies address requirements for physical and information security.
• Applications will not contact end users via email regarding updates.
• Email notifications should come from an approved State of Nebraska source. If you are not sure of the validity of an email, contact the Service Desk (https://cio.nebraska.gov/servicedesk/index.html) for guidance before taking other action.

Download PDF Instructions

When receiving a secure message from the State of Nebraska, you will follow directions based on which category you fall under: Office 365 Users, Gmail Users, and everyone else. Please select the instructions below which correspond to your situation. If you need assistance determining this, please contact your email provider or help desk.

Protected messages allows the sender to set specific permissions on a message, such as Do Not Forward or Do Not Print. If you receive a protected email message sent to your Microsoft 365 account or one you have access to in Outlook 365 (not Outlook 2016) or Outlook on the web, the message should open like any other message. You'll see a banner at the top of the message that informs you of any restrictions on the message.

If you're using a different email account or email program, you may receive a notification that you've received a protected message and need to take additional action.

• Desktop/Browser:
  • If you're using a Microsoft 365 email account in Outlook 365 or Outlook on the Web, you shouldn't have to do anything special to read your message.
• Mobile app:
  • If you have a Microsoft 365 account and you're using the Outlook mobile app, the message should just open.

• Desktop/Browser:
  • Select “Access Message” to open your message.
  • Click “Sign in with Google” and sign in to your email account.
    • If this does not work, please click “Sign in with a One-time passcode."
  • You'll be redirected to the Gmail sign-in page. Once you sign in, select Allow.
• Mobile app:
  • Tap “Access Message” to read your message.
  • Tap “Sign in with Google” and sign in to your email account.
    • If this does not work, please click “Sign in with a One-time passcode."
  • If you get a request for permissions, tap Yes or Allow to view the message.

• Desktop/Browser:
  • Select “Access Message” to open your message.
  • Click “Sign in with a One-time passcode”.
    • The email to which the secure message was originally sent will receive an 8-digit code. You will have 15 minutes to enter that code.
  • Click “Continue” to view the message.
• Mobile app:
  • Select “Access Message” to open your message.
  • Click “Sign in with a One-time passcode”.
    • The email to which the secure message was originally sent will receive an 8-digit code. You will have 15 minutes to enter that code.
  • Click “Continue” to view the message.
• If you get the error: "Authentication did not complete" in Google Chrome, follow one of the two workarounds below to get past this error:

Method 1: If you choose this method once, you will need to choose it every time .

• In the email, right-click and choose "Open link in incognito window" as below:

You should be presented a screen to request the one-time passcode.

Method 2:

Click to open the message, and when you see the prompt that says “authentication did not complete”, click on the lock in the address bar.
Choose cookies (like below):

Highlight the outlook.office365.com cookie and click remove:

Close the tab and go back to the email. Click to read the message again, and you should be prompted to request a one time passcode.
Once you enter the passcode, check the box "This is a private computer. Keep me signed in for 12 hours" to be able to open all encrypted messages from ATG for the rest of the day without having to request another passcode.