Touchstone powered by Okta

On this page:

Overview
Touchstone screen examples

Touchstone powered by Okta
Legacy Touchstone

First time logging into Touchstone powered by Okta
Have Questions or Still Need Help?

Overview

IS&T is launching a new version of Touchstone – the Institute’s single sign-on web authentication service – now powered by Okta Identity Engine, a modern cloud-based and extensible platform.

Touchstone powered by Okta is being implemented for selected websites and applications during a phased pilot period, in advance of a full roll-out.

Touchstone powered by Okta looks and functions similarly to the legacy Touchstone, with the following differences:

The URL seen during login will be okta.mit.edu instead of idp.mit.edu.
The first time you authenticate to an application or service using Touchstone powered by Okta, you will be prompted to complete a one-time task to re-connect your login to your Duo account. See First time logging into Touchstone powered by Okta below.
Touchstone powered by Okta supports authenticating using your MIT username and Kerberos password, but not MIT certificates or Kerberos tickets (SPNEGO).

Transitioning to the Okta platform enables Touchstone to provide support for new authentication mechanisms and second factors, representing an improvement over the ease-of-use previously offered by MIT certificates and SPNEGO. IS&T expects to make these improvements available to the community in coming months.

IS&T recommends using a password manager to make creating, updating, and using strong passwords easier. IS&T provides LastPass Enterprise for use by the MIT community at no cost to the user.