• New PennKey Login UI – The PennKey Login user interface will be refreshed and modernized. The new Login UI will include the following: 
  • Screen design/flow complementary to Duo Universal Prompt (see below)
  • Responsive design
  • Improved accessibility
  • Optimized for desktop and mobile
    
• Duo Universal Prompt – Duo Universal Prompt, a vendor-supplied Multi-Factor Authentication (MFA) application, will replace Penn’s current custom Two-Step Verification service for PennKey authentication. PennKey will be integrated directly with Duo for a seamless user experience. Duo Universal Prompt provides the following: 
  • Modern, secure, easy-to-use interface
  • Simpler way to add or manage devices
    
  • Easier deployment of new strong-authentication options
    
  More details are available on the Duo Universal Prompt Project website.
  

• Two-Step for O365 Email Policy Enforcement – The University is required to begin fully enforcing its Two-Step for O365 policy, which has been in place since July 2022 but has not been universally applied. As of August 1, 2023, all Penn O365 email users will be required to use Two-Step Verification. Campus O365 administrators with out-of-compliance users are being sent user lists along with instructions they can email to these users. The vast majority of these users are already enrolled in Two-Step and have been using it during PennKey login; they just have not yet enabled it for O365 email. User instructions for how to turn on Two-Step for O365 are available on the PennO365 with Two-Step Verification page (see the “Self-enrollment application” tab). 
• Enterprise LDAP Enhancements – The Enterprise LDAP, Penn’s central IAM identity hub, has recently been enhanced to enrich user data to meet predicted needs of future software integrations, tune performance and security, and plan for future service operations. The Enterprise LDAP will soon be available as an offering of ISC’s Access Management Services.
  

The Penn IAM Team