Overview of User Logon Experience
The User Logon Experience project is a consolidated release of multiple related technical changes. These improvements have been co-ordinated as far as possible into one project, to minimise the impact of change on users.
Using a good password is essential in securing our data, your personal details and student information, which is why we have increased password controls on DoE accounts. For instructions on setting a good password, visit change password on staff portal.
We have also introduced multi-factor authentication (MFA), to further secure your personal information. You may already be familiar with receiving SMS or email messages from your bank or other institutions when you change personal details or carry out online transactions. This is called multi-factor authentication and it is used to verify that it is really you carrying out that activity.
We have introduced this additional level of protection whenever you access your personal profile page in SAP Employee Self Service or your security settings in staff portal. Your personal profile includes your email address, mobile number and bank account details, into which your salary is paid. To stop these details from being changed without your authority, you will be sent a security code, via SMS and/or personal email address, which must be entered before access will be given to your secure information.
Please note that MFA only applies to staff.
A short video (47 seconds) is provided below to show how MFA works.
Secured.Logon frequently asked questions
Can MFA send security codes to my DoE mobile number?
Yes, MFA can send security codes to your DoE mobile number.
Can MFA send security codes to my DoE email address?
No, MFA cannot send security codes to your DoE email address. This is to overcome the situation where a DoE account has been compromised.
What if I don't have a personal email address?
MFA will also send security codes via SMS to a mobile phone number. You will be able to check if you have a mobile number registered in Manage Security Settings in you staff portal profile. Alternatively you can set up a free personal email address on Gmail, Outlook or Yahoo.
What if I don't have a personal email address or mobile phone number listed?
In this scenario, if you were to attempt accessing your personal information in the two areas listed above, you will be prompted to contact EDConnect. They will enable access temporarily so you can then add one of these methods of communication.
Currently, different services within the department use different logon usernames, for example:
The industry standard for a username is the user's full email address. By standardising on this format, it will allow the department to easily integrate applications and services in the market place today. To get the benefits of the newest and best technologies (for example: reduced logon prompts through Integrated Windows Authentication (IWA)), we need to use the full email address as our username format. This will allow our systems to pass through a user's logon credentials to other applications/services in a format which will be accepted by them. Making our logon credentials uniform as far as possible for every staff user also streamlines our support processes with one easy-to-remember logon identity across all department services.
There is a requirement for the department to update staff e-mailboxes to take advantage of more cloud-based services. The department will migrate our on-premises mail solution into the cloud in the near future to enrich Microsoft Office 365 services and provide larger mailboxes to staff. The cloud mail service will only accept an email address as a logon username, so this work is being undertaken alongside the other changes to minimise disruption to users.
This change will only apply for staff. There is no change to the way students log onto desktops, applications or services and there is no change to student email services which will remain on the Google Gmail platform.
The introduction of IWA effectively means that Windows takes your desktop logon username and password (your 'credentials') and passes them through to single sign-on (SSO) enabled applications that you access, eliminating the need for you to sign in again to those apps multiple times a day. Your initial desktop logon acts as the key for all the apps that can take advantage of this feature. This allows users to enjoy SSO convenience for most applications when using a device managed by the department.
This change will apply to all staff and students.