Touchstone powered by Okta
Overview
IS&T has launched a new version of Touchstone – the Institute’s single sign-on web authentication service – now powered by Okta Identity Engine, a modern cloud-based and extensible platform.
Touchstone powered by Okta looks and functions similarly to the legacy Touchstone, with the following differences:
- The login page will be on okta.mit.edu instead of idp.mit.edu.
- The first time you authenticate to an application or service using Touchstone powered by Okta, you will be prompted to complete a one-time task to re-connect your login to your Duo account. See First time logging into Touchstone powered by Okta below.
- Touchstone powered by Okta prompts you for your MIT Kerberos username rather than presenting MIT certificates or Kerberos tickets (SPNEGO) as options.
Why can't I use my MIT certificate?
Touchstone powered by Okta supports authenticating using your MIT username and Kerberos password, but not MIT certificates or Kerberos tickets (SPNEGO).
Transitioning to the Okta platform enables Touchstone to support new authentication mechanisms and second factors that improve on the ease of use previously offered by MIT certificates and SPNEGO. IS&T expects to make these improvements available to the community in the coming months.
IS&T recommends using a password manager to make creating, updating, and using strong passwords easier. IS&T provides LastPass Enterprise for use by the MIT community at no cost to the user.
Do I still need a certificate?
Yes, some MIT sites and services still require certificate authentication. See: MIT Sites That Require Certificate Authentication.
Touchstone screen examples
[Screenshot: Touchstone powered by Okta]
[Screenshot: Legacy Touchstone]
First time logging into Touchstone powered by Okta
Follow these steps to re-connect your MIT Kerberos login with Duo the first time you log in to Touchstone powered by Okta.
- On the Touchstone screen, enter your Kerberos username and click Next.
- Enter your Kerberos password and click Verify.
- The page will instruct you to Verify with Duo Authentication; click Set up to proceed.
- Confirm you are ready to proceed by clicking Enroll.
- The Duo Universal Prompt will default to the most secure authentication option and push a verification request to your registered device.
- Once you authenticate, the process is complete.
Have Questions or Still Need Help?
- Contact the IS&T Service Desk