Difference between revisions of "Virtual private network for employees"

From WSU Technology Knowledge Base
Jump to navigation Jump to search
(190 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==How do I connect to ot.winona.edu? (Employee)==
+
{{TOC_Float_Right}}
 +
{{WSU}} Information Technology Services provides a secure '''virtual private network for employees''' working from off-campus locations. To maintain data security, access to some online systems and services requires a direct connection to our private campus network. Using our virtual private network (VPN), employees working remotely can emulate this direct, private connection and access these services as if they were on campus. Most employees do not need a continuous VPN connection when working remotely. Employees cannot establish a VPN connection using a personally-owned device and must use multi-factor authentication to verify their credentials when connecting to our VPN.
  
===Enroll at OTP.winona.edu===
+
==Setting up VPN==
 +
===Step 1: Install an authenticator app===
 +
{{WSU}} Information Technology Services supports two authenticator apps for use with our VPN:
 +
*'''Microsoft Authenticator (recommended):''' [[Microsoft Authenticator|Install this app]] if you prefer using your phone or tablet to verify your VPN credentials.
 +
*'''Authy:''' [[Authy|Install this app]] if you prefer using your WSU laptop to verify your VPN credentials.
  
* All employees must start by setting up their One-Time Password (OTP) at this link '''while on campus''': https://otp.winona.edu/enroll
+
===Step 2: Add your VPN account to your authenticator app===
* Once on that page, enter your StarID in the Username field
+
This step must be completed while on the Winona or Rochester campus. Please use Google Chrome to complete this step. There are known issues with other browsers. If using a {{WSU}} laptop, you must be connected to the [[Wazoo|Wazoo wireless network]]. You can also complete this step using your office desktop with a secure wired network connection.
* Enter your network password on the next screen
+
#If using a laptop, ensure that it's connected to the [[Wazoo|Wazoo wireless network]] wireless network
* Click Add OAUTH Token
+
#Use Chrome to go to the VPN enrollment site at [https://otp.winona.edu https://otp.winona.edu]
* Click the box next to Online then click Add
+
#Select the link, '''"Proceed to set up my StarID for campus VPN access"'''
* On the next page, scan the QR code with the authenticator app of your choice.  
+
#Enter your StarID (e.g., ab1234cd) in the Username field and select Submit
** We recommend [https://www.microsoft.com/en-us/account/authenticator Microsoft Authenticator] or [https://authy.com/download/ Authy].  
+
#Enter your StarID password and select Submit
** '''VERY IMPORTANT!''' You MUST click Done after you scan your QR code otherwise it won't save the changes and you'll have to start over!
+
#Click the '''Add OATH Token''' button
 +
#Click the radio button next to '''Online''' then click '''Add'''. You will be presented with a QR code and a manual code.
 +
#Open your authenticator app. If using Microsoft Authenticator on your phone or tablet, tap '''Add Accounts''', then '''Work or School account'''. The app will ask for permission to use your camera, tap '''Allow'''. Then, use your phone to scan the QR code on your computer screen. Your account will be added to the app. If you are using Authy, select the '''"+"''' icon, copy and paste the manual account code from the VPN enrollment screen to the field in Authy, and select the '''Add Account''' button.  
 +
#IMPORTANT: Select the '''Done''' button on your computer screen to complete the enrollment process.
 +
#Close and reopen your authenticator to ensure that the '''Winona online''' account was added. You will use the rolling code for that account to verify your VPN credentials. Note that you may have other accounts listed in your authenticator app with their own rolling codes.
  
===Windows 10===
+
===Step 3: Test your VPN connection===
* Open the start menu and type Cisco
+
You can now test your VPN connection from off-campus. You can also test it using your laptop while on campus if you are connected to the Eduroam wireless network. To log in to Eduroam, use the StarID@minnstate.edu format of your username and do not enable the connection to reconnect automatically. When you are done testing disconnect your VPN connection.
* Select 'Cisco AnyConnect Secure Mobility Client' when it appears
+
*[[Connect your laptop to our virtual private network|Connect your PC laptop to our VPN]]
* If it does not appear, open your internet browser and go to https://ot.winona.edu
+
*[[Connect your laptop to our virtual private network|Connect your Mac laptop to our VPN]]
* You will be prompted to Connect and login to WSU with your StarID, password, and two-factor authentication code
 
  
===macOS===
+
==More articles==
 
+
*[[Frequently asked questions about our virtual private network]]
* Click on Spotlight in the upper right corner
+
*[[Access network storage from off campus]]
* Type in "Cisco"
+
*[[Cisco AnyConnect Secure Mobility Client]]
* Select "Cisco AnyConnect Secure Mobility Client"
+
*[[Local network storage]]
[[File:VPN_Mac_Cisco_Search.png|400px]]
+
*[[VPN for Students]]
 
+
*[[VPN]]
* Connect to ot.winona.edu
 
[[File:otVPN.png|400px]]
 
* Use your StarID and password along with your six-digit code from your [https://www.microsoft.com/en-us/account/authenticator Microsoft Authenticator] or [https://authy.com/download/ Authy] app when prompted to login.
 
 
 
=Map Network Drives=
 
 
 
==Mapping network storage for Employees==
 
 
 
'''Windows 10'''
 
 
 
You will need to manually map your Personal Network Storage also referred to as R: drive. 
 
* Open File Explorer from the Taskbar
 
* Use the drop down arrow in the top menu for 'Map network drive' and select Map network drive
 
* Type the following in Folder:  \\store\users\(your StarID)
 
* Select 'Reconnect at sign-in'
 
* Finish
 
 
 
'''macOS'''
 
* Use the Finder
 
* Go
 
* Connect to Server
 
* Server address for Employees to get to personal storage: smb://store.winona.edu/users/'''Your.StarID.Here'''
 
* Server address for Employees to get to department drive: smb://store.winona.edu/department
 
 
 
==Map Network Drives (Continued)==
 
 
 
If you want to connect to Personal Network or Department Network drives from off-campus, you will need to connect to VPN before you can use the network drives.
 
 
 
'''Windows 10'''
 
* Open the Start Menu then select the '''Map Network Drives''' shortcut.
 
* A black window will appear and map your drives. Do not close this window.
 
* Double-click 'This PC' on your desktop to access your network drives (See Fig 1.)
 
* Do not disconnect VPN or WiFi during use. Network access is required to maintain the VPN connection.
 
 
 
[[File:ConnectToServer.png|frame|Fig 2. Typical list of network connections on a MacBook]]
 
 
 
'''macOS'''
 
* In Finder, hold down '''<CommandKey>''' then hit the '''<K>''' key to bring up "Connect to Server"
 
* Mac users connect to one of the network locations listed in Fig 2.
 
  
==Related information==
+
==External links==
 +
*[https://en.wikipedia.org/wiki/Virtual_private_network Virtual private network (Wikipedia)]
 +
*[https://www.howtogeek.com/133680/htg-explains-what-is-a-vpn What's a VPN and why would I need one? (How-To Geek)]
  
*[[Cisco AnyConnect Secure Mobility Client]]
+
[[Category:VPN]][[Category:Security]][[Category:Keep Working]][[Category:Keep Teaching]]
*[[Local network storage]]
 
*[[PC laptop backup|Backing up your PC laptop]]
 

Revision as of 13:16, 30 March 2020

Winona State University Information Technology Services provides a secure virtual private network for employees working from off-campus locations. To maintain data security, access to some online systems and services requires a direct connection to our private campus network. Using our virtual private network (VPN), employees working remotely can emulate this direct, private connection and access these services as if they were on campus. Most employees do not need a continuous VPN connection when working remotely. Employees cannot establish a VPN connection using a personally-owned device and must use multi-factor authentication to verify their credentials when connecting to our VPN.

Setting up VPN

Step 1: Install an authenticator app

Winona State University Information Technology Services supports two authenticator apps for use with our VPN:

  • Microsoft Authenticator (recommended): Install this app if you prefer using your phone or tablet to verify your VPN credentials.
  • Authy: Install this app if you prefer using your WSU laptop to verify your VPN credentials.

Step 2: Add your VPN account to your authenticator app

This step must be completed while on the Winona or Rochester campus. Please use Google Chrome to complete this step. There are known issues with other browsers. If using a Winona State University laptop, you must be connected to the Wazoo wireless network. You can also complete this step using your office desktop with a secure wired network connection.

  1. If using a laptop, ensure that it's connected to the Wazoo wireless network wireless network
  2. Use Chrome to go to the VPN enrollment site at https://otp.winona.edu
  3. Select the link, "Proceed to set up my StarID for campus VPN access"
  4. Enter your StarID (e.g., ab1234cd) in the Username field and select Submit
  5. Enter your StarID password and select Submit
  6. Click the Add OATH Token button
  7. Click the radio button next to Online then click Add. You will be presented with a QR code and a manual code.
  8. Open your authenticator app. If using Microsoft Authenticator on your phone or tablet, tap Add Accounts, then Work or School account. The app will ask for permission to use your camera, tap Allow. Then, use your phone to scan the QR code on your computer screen. Your account will be added to the app. If you are using Authy, select the "+" icon, copy and paste the manual account code from the VPN enrollment screen to the field in Authy, and select the Add Account button.
  9. IMPORTANT: Select the Done button on your computer screen to complete the enrollment process.
  10. Close and reopen your authenticator to ensure that the Winona online account was added. You will use the rolling code for that account to verify your VPN credentials. Note that you may have other accounts listed in your authenticator app with their own rolling codes.

Step 3: Test your VPN connection

You can now test your VPN connection from off-campus. You can also test it using your laptop while on campus if you are connected to the Eduroam wireless network. To log in to Eduroam, use the StarID@minnstate.edu format of your username and do not enable the connection to reconnect automatically. When you are done testing disconnect your VPN connection.

More articles

External links

Retrieved from "https://learn.winona.edu/w/index.php?title=Virtual_private_network_for_employees&oldid=64874"