Employee VPN access

From WSU Technology Knowledge Base
Jump to navigation Jump to search

Winona State University Information Technology Services provides employee VPN access to those working from off-campus locations. To maintain data security, access to some online systems and services requires a direct connection to our private campus network. Using our virtual private network (VPN), employees working remotely can emulate this direct, private connection and access these services as if they were on campus. Most employees do not need a continuous VPN connection when working remotely. Employees cannot establish a VPN connection using a personally-owned device and must use multi-factor authentication to verify their credentials when connecting to our VPN.

Prepare for MFA

Employee access to our VPN requires multifactor authentication. This must be set up before you connect to our VPN for the first time. Follow the steps below:

Install the Microsoft Authenticator app

If you have not installed the Microsoft Authenticator app on your phone, Installing Microsoft Authenticator provides access to the app and installation instructions.

Add your VPN account to Microsoft Authenticator

This step must be completed while on the Winona or Rochester campus. Please use Google Chrome to complete this step. There are known issues with other browsers. If using a Winona State University laptop, you must be connected to the WAZOO wireless network. You can also complete this step using your office desktop with a secure wired network connection.

  1. If using a laptop, ensure that it's connected to the WAZOO wireless network
  2. Use Chrome to go to the VPN enrollment site at https://otp.winona.edu/enroll
  3. Enter your StarID (e.g., ab1234cd) in the Username field and select Submit
  4. Enter your StarID password and select Submit
  5. Click the Add OATH Token button
  6. Click the radio button next to Online then click Add. You will be presented with a QR code and a manual code.
  7. Open Microsoft Authenticator on your phone or tablet, tap Add Accounts, then Work or School account. The app will ask for permission to use your camera, tap Allow. Then, use your phone to scan the QR code on your computer screen. Your account will be added to the app.
  8. IMPORTANT: Select the Done button on your computer screen to complete the enrollment process.
  9. Close and reopen Microsoft Authenticator to ensure that the Winona online account was added. Select that account to see a rolling one-time password. You will use that to verify your VPN credentials. Note that you may have other accounts listed in your authenticator app with their own rolling codes.

Connect to VPN

PC users

  1. Select Start and type "Cisco." Open the Cisco AnyConnect Secure Mobility Client when it appears (Fig. 1).
  2. Delete tunnel.winona.edu if it appears and replace it with ot.winona.edu. Then select Connect
  3. Select your Group from the drop-down list. If you do not know your group, choose grp_employee (Fig. 2) or contact the Technical Support Center (TechSupport@winona.edu, 507-457-5240, Somsen Hall 207).
  4. Enter your StarID password in the Password field.
  5. Open Microsoft Authenticator on your phone and select the account you added in Step 1 to get your rolling one-time password.
  6. In the Username field, enter:StarID-Microsoft Authenticator one-time password (ex: ab1234cd-042565). Do not forget the dash between your StarID and the one-time password.
  7. Select OK

  • Fig 1. Open Cicso AnyConnect.

  • Fig 2. Select group and enter credentials

Mac users

  1. Select the Spotlight Search icon in the upper right corner of your screen. Type "Cisco." Open the "Cisco AnyConnect Secure Mobility Client" when it appears.
  2. Delete tunnel.winona.edu if it appears and replace it with ot.winona.edu. Then select Connect
  3. Select your Group from the drop-down list. If you do not know your group, choose grp_employee (Fig. 2) or contact the Technical Support Center (TechSupport@winona.edu, 507-457-5240, Somsen Hall 207).
  4. Enter your StarID password in the Password field.
  5. Open Microsoft Authenticator on your phone and select the account you added in Step 1 to get your rolling one-time password.
  6. In the Username field, enter:StarID-Microsoft Authenticator one-time password (ex: ab1234cd-042565). Do not forget the dash between your StarID and the one-time password.
  7. Select OK

  • Fig 3. Open Cicso AnyConnect.

  • Fig 4. Select group and enter credentials

More articles

External links

 

  • Cc license.png

Except where otherwise noted, text is available under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Retrieved from "https://learn.winona.edu/w/index.php?title=Employee_VPN_access&oldid=83471"