Access WebFACES without TFI VPN
Here is what you need to know:
Summary
WebFACES is TFI's client management system and its architecture was designed to authenticate to our internal user directory. IT and Software have in the last year worked to change the login process to authentiate against Microsoft's directory. Starting July 17th 2023, You will no longer need to connect to TFI's VPN to access WebFACES. But before you break out into your signature victory dance, please read the sections below for more information surrounding this change:
Scope
Any Agency employee that uses WebFACES and accesses the application remotely (outside a TFI office)
What drove the change
The VPN has for a long time been a bottleneck for remote workers accessing resources that were originally designed to be available to the internal network. After COVID-19, most workforces across the nation became distributed in nature and applications are no longer predominantly accessed from corporate offices. Remote workers often have to VPN to the corporate VPN to access these resources and while the solution addressed secure access, it often adds points of failure in our network architecture. As part of our ongoing modernization efforts, we want you to access company tools as easily and securely as posssible which is why eliminating the VPN has been on our roadmap for quite a while.
What took us so long
WebFACES manages all our clients' personal data and as such, we take our duty to protect that data seriously and we wanted the best security posture possible before this application was publicly accessible. As part of changing the authentication system, we have also invested in other security tooling that enhances our auditing and compliance capablitities and we are confident that we have enough safeguards in place. We recongnize that the VPN is an extra step in your workflow and it has served us well by keeping WebFACES secure and we have been careful not to rush the implementation that succeeds this architecture.
Enough speeches! When are we doing this
- On Monday June 26th 2023, when accessing WebFACES you may be prompted to log in with your
Microsoft Office 365 username and password. Generally, if you are already logged
in to your other Office 365 applications on your computer then your credentials will be transparently passed to WebFACES
without the need to reauthenticate.
-
On Monday July 17th 2023, WebFACES will become accessible on the Internet without
the need to connect to the TFI VPN. Simply make sure you are connected to the Internet and click on
the WebFACES icon on your company issued laptop or tablet.
Security Considerations
Insert Spiderman's uncle's voice here: "With great power comes great responsiblity..."
All TFI staff have been our greatest asset in the fight against cyber security threats. Part of our confidence in presenting WebFACES to the Internet was our assessment of our staff's maturity on identifying and reporting security threats. A few things to note with this new access:
- Accessing WebFACES from personal computers is generally prohibited. Please use your corporate approved laptop or tablet
- Although the data in transit between your computer and WebFACES is always encrypted, take extra precautions when in public networks such as cafes or airports by connecting to the TFI VPN first before accessing WebFACES.
- Your passphrase and your company smartphone are the first and last line of defense to get into WebFACES. Keep them safe and never write down your passphrase on sticky notes. Report any loss of your credentials or device to IT immediately.
- You may recieve a multi-factor prompt every three days on WebFACES. We do this to guard against the event if your device is lost
Frequently Asked Questions:
Last updated: 06/12/2023