Working Remotely

Welcome to the New York State Office of Information Technology Services (ITS) "Working Remotely" page. To work remotely is to access your agency's network while you are away from your primary workstation. This site contains resources and common troubleshooting tips to support individuals who may be working remotely. 

Request RSA SecurID Token 

To access your agency's network and necessary applications remotely you will need to request and activate an RSA SecurID token. 

An activated RSA SecurID authentication token will enable you to access programs such as the Outlook Web Application (OWA), Office 365 (O365) products including SharePoint, and Virtual Desktop Infrastructure (VDI).  

To obtain a token you will need to submit your request through https://mytoken.ny.gov/. For detailed instructions, click on the RSA SecurID Token tab above. 

The ITSM Self-Service Portal: https://nysitsm2.service-now.com/sp

The ITSM Self-Service Portal can be used to check the status of a ticket or request assistance. Please click the link above and sign into the self-service portal.

RSA PIN Reset: If you need to request an RSA PIN reset, log in to https://mytoken.ny.gov/ using your email address and password. Then click Troubleshoot

Report other RSA token issues: For additional RSA assistance, please visit https://its.ny.gov/rsa-token to view important "How To's", answers to common questions, Troubleshooting help, User Guides, tips and instructional videos.

When working remotely, which option is right for me? 

"I need access to email and Microsoft Office products (Word, Excel, etc.) and the ability to share files with others via SharePoint or OneDrive through Outlook Web Access (OWA)."

What equipment do I have or need? State-issued or personal device with Internet access and an RSA Token. 

Where do I go? https://portal.office365.com

Where can I find instructions? Click on the O365 tab above. 


"I need to access the ITS Service Management System (ITSM) and the Statewide Learning Management System (SLMS)."

What equipment do I have or need? State-issued or personal device with Internet access. *An RSA Token is not required.

Where do I go? https://my.ny.gov

Where can I find instructions? Sign in with your my.ny.gov username and password and select the application you need to access.


"I need access to my full desktop I use in the office, including my agency-specific applications."

What equipment do I have or need? Windows-based personal device with internet connectivity and an RSA Token, or a State-issued device that does not have the PulseSecure Client VPN installed.

Where do I go? SSL VPN - https://nysra.ny.gov/MRA

Where can I find instructions? Click on the Remote Access SSL VPN tab above.


"I need access to my Virtual Desktop (VDI) since I am a VDI user in the office and require access to my full desktop. I don't have a PC to log into at the office. I have a VDI thin client or zero client at the office."

What equipment do I have or need? VMWare Horizon Client application and RSA Token.

Where do I go? https://desktop.ny.gov

Where can I find instructions? Click on the Virtual Desktop tab above.


"I have recently received a state-issued laptop to work remotely and need access to my agency specific applications. I have not done so previously."

What equipment do I have or need? New York State provided laptop with internet access, plus an RSA Token.

Where do I go? Client VPN. See instructions for the agency-specific installation URL: Install Pulse Secure Client.

Where can I find instructions? Click on the Client VPN tab above.


 

Generally, the following must be completed before an individual can begin working remotely. If you have questions regarding working remotely, please discuss with your supervisor or refer to your Agency's policy. 

1. Working Remotely Online Training

NYS Agency Staff:

Please follow your agency's specific policy and mandate for training and remote work.

NYS Office of Information Technology Staff: 

All ITS employees are required to complete and pass the "How to Work Remotely" online training course before beginning to work remotely. This course covers the technical aspects of working remotely and can be found in the Statewide Learning Management System (SLMS) using code ITS_Work_2019 or by clicking the link here. 

2. Hardware

Your Agency may or may not provide you with any additional hardware for the sole purpose of working remotely. Subject to your agency's discretion, employees who have been approved to work remotely  may be permitted to use their personal devices, such as a personal desktop computer, laptop, tablet, and/or smartphone. ITS will not be responsible for any hardware issues that may occur on personal equipment because of the program. Users are responsible for keeping their personal devices functioning.  The ITS Service Desk cannot answer calls and/or respond to tickets that are related to personal device hardware issues. 

 


Please note that individuals must be approved to work remotely and secure appropriate access prior to doing so.

RSA SecurID Token

RSA SecurID is a multi-factor authentication technology that is used to protect network services. The RSA SecurID authentication mechanism consists of an assigned hardware or software "token" that generates a dynamic authentication number code at fixed intervals. Users provide the unique number code when logging into a protected service from any network outside the State network.

For any questions regarding using RSA SecurID for working remotely, please discuss with your supervisor or refer to your Agency's policy.

RSA Training Videos

How to use the RSA Self-Service Console and Choosing a Token

Software Tokens

How to Request and Activate a Software Token

How to Use a Software Token

How to Log into Office 365 with a Software Token from a computer

Hardware Tokens

How to Request and Activate Hardware Token

How to Use a Hardware Token

How to Log into Office 365 with a Hardware Token from a computer

RSA User Guides

RSA Token Request Job Aid

RSA Quick Reference Guide

RSA Help Section

What is Multi-Factor Authentication (MFA)? 

Multi-Factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login. 

What is a Token Passcode?

For a Software Token, your Token Passcode is the eight-digit number generated after entering your PIN on the RSA App. On your Soft token, the passcode refreshes every sixty seconds. If you have difficulty logging in after providing the passcode, ensure the correct PIN was entered. 

Your Hard Token generates a random, six-digit passcode every sixty seconds, also known as a Token code. Your Token Passcode is your PIN followed by the Token code (the six random digits) from the Hard Token, with no spaces between them. 

How do I request a new token?

Log in to https://mytoken.ny.gov/ and request a new Token. You must mention that you are replacing your existing Token. You are only allowed one Token at any given time. 

Should I use a hardware or software token? 

Software tokens are the preferred method. Hardware tokens can become lost or stolen. 

I forgot my PIN, what do I do? 

If you forget or need to change your PIN, log into the Self-Service Console using your email address and password at https://mytoken.ny.gov/, then click "Change PIN". 

What is "Next Token Code Mode" and what do I do about it?

After entering too many incorrect passcodes, you may be required to enter a next Token code. If using a Soft Token, wait and then enter the next available passcode shown. If using a Hard Token, wait and then enter the next available Token code shown (random 6 digits). Do NOT enter PIN + Token code. 

I am locked out of my RSA Token account, what do I do?

Go to https://mytoken.ny.gov/ but do not log in. Click on "Troubleshoot SecurID Token". Enter your email address and answer the identifying questions. Upon submission of correct answers, your RSA account will no longer be locked. 

I lost/damaged my hardware token. 

Log into the Self-Service Console and request a new hardware token noting that the current one is broken or lost. If broken, send to: 

RSA Enterprise Platform Admins 

WA Harriman Campus Bldg. 8 Room 331 

Albany, NY 12227

Where do I return my RSA token? 

RSA Enterprise Platform Admins 

WA Harriman Campus Bldg. 8 Room 331 

Albany, NY 12227

Office 365 is a collection of apps and cloud services that you can use to be productive across a variety of devices from just about anywhere. Office 365 (O365) is a cloud-based version of the Microsoft Office suite. For New York State employees, Office 365 includes online versions of Word, Excel, PowerPoint, and SharePoint. 

When you log in through your web browser, you can access Office 365 anywhere you need to work and without having an installed version on your desktop or device. Office 365 also includes OneDrive for cloud storage and sharing.

When working remotely, employees can always use the VMware Horizon Client to access their virtual desktop but many employees do not need to. Most employees will be able to perform all their duties by just using Office 365. For any questions regarding using O365 for working remotely, please discuss with your Supervisor or refer to your Agency's policy.

Office 365 Training Videos 

How to Log into Office 365 with a Software Token from a computer

How to Log into Office 365 with a Hardware Token from a computer

 

Office 365 Quick Start Video Guide

Word Online

Excel Online

PowerPoint Online

Outlook on the Web

SharePoint Online

OneDrive

Office 365 Help Section 

I do not know how to sign in. 

Sign in to Office 365 using your full work email address and your network password. You will also need to enter an RSA token passcode. 

Can I access a shared inbox through Outlook on the web? 

Yes. You will have access to any shared mailbox that you have in the Outlook Client that is installed on your workstation PC. 

How secure is Office 365? 

Microsoft has robust policies, controls, and systems built into Office 365 to help keep our information safe.

Virtual Desktop Infrastructure (VDI) 

Virtual Desktop Infrastructure (VDI) is the practice of running a user's desktop inside a virtual machine that lives on a server in a data center. All profile settings, installed applications, and the operating system are stored and managed centrally. Centralized desktop images, applications and files make data security more manageable, regardless of whether an employee is accessing the virtual desktop from within the state network (at their work desk) or while outside the state network (e.g. from a home Internet connection or a Wi-Fi hotspot). Files should be saved to network drives in order to be accessed via VDI. Files saved on local drives such as the Desktop, or C: Drive cannot be accessed.

The Office of Information Technology Services uses a specific software program called VMWare Horizon to use the Virtual Desktop Infrastructure. For any questions regarding using VMWare for working remotely, please discuss with your Supervisor or refer to your Agency's policy.

Horizon VMWare Training Videos 

Microsoft Windows Videos

How to Install the VMWare Horizon Client on Microsoft Windows PCs

How to Connect to your Virtual Desktop From a Windows PC

Apple & iOS Videos

How to install the VMWare Horizon Client on Apple Mac Computers

How to install the VMWare Horizon Client on Apple iOS Devices (iPhone, iPad)

How to connect to your virtual desktop from an Apple Mac

How to connect to your virtual desktop from an iOS device

Google Videos

How to install the VMWare Horizon Client on Google Chromebooks

How to connect to your virtual desktop from a Google Chromebook

Android Videos

How to install the VMWare Horizon Client on Android Devices

How to connect to your virtual desktop from Android Devices

VMWare Horizon User Guides 

VMWare Horizon User Guide.PDF 

VMWare Help Section 

Is VDI the same desktop as my work site computer? 

No, files that are stored on your C: drive or Desktop will not be available when using VDI. 

My VDI session froze. How do I get back in to the VDI session? 

Use the "send Ctrl-Alt-Delete" button at the top of the session to unlock the computer. Turn off the device, wait 4-5 minutes and try logging back on. Your session should restart with a new virtual machine (new desktop). 

What are some benefits of VDI? 

VDI can yield significant benefits to New York State in terms of service, manageability, security and cost. Below are some of the key benefits of VDI: 

VDI eliminates the physical management issues for desktops, since all resources (CPU, memory, storage etc.) are managed centrally. VDI also reduces time spent managing networks because you only need to address software issues on one server as opposed to each individual machine. 

VDI can dramatically drive down cost of hardware and support, when compared to the costs of Desktop PCs. 

Centralized desktop images, applications and files make data security more manageable regardless of whether an employee is accessing the virtual desktop from within the state network (at their work desk) or while outside the state network (e.g. from a home Internet connection or a Wi-Fi hotspot). 

I'm getting an error message stating that I am "Not entitled to use the system"? 

You will need to request access to your agency's VDI pool. Please contact the Enterprise Service Desk or your local Service Desk and request access.

Remote Access SSL VPN

The following Agencies currently have access to SSL VPN, which is accessed with the directions below. If your agency is not listed, please check again tomorrow; we plan on adding support for additional Agencies over the next couple of days. 

Before beginning, note that this method of VPN will only work under the following circumstances: 

  • You are trying to connect to your work computer from an outside computer. 
  • Your work computer must remain on. 
  • You must be using a Windows computer; this will not work on a Mac.

(AGM) Dept. of Agriculture and Markets

(DCJS) Division of Criminal Justice Services

(DCS) Dept. of Civil Services

(DEC) Dept. of Environmental Conservation

(DHSES) Dept. of Homeland Security and Emergency Services

(DMV) Department of Motor Vehicles

(DOB) Division of Budget

(DOH) Dept. of Health

(DOL) Dept. of Labor

(DOS) Department of State

(DOT) Dept. of Transportation

(DPS) Dept. of Public Service

(DTF) Dept. of Taxation and Finance

(GAMING) NYS Gaming Commission

(GOER) Governor's Office of Employee Relations

Indigent Legal Service

(ITS) Information Technology Services

(JC) Justice Center

(JCOPE) Joint Commission on Public Ethics

(OASAS) Office of Alcoholism & Substance Abuse Services

(OCFS) Office of Children and Family Services

(OGS) Office of General Services

(OMH) Office of Mental Health

(OPWDD) Office for People with Developmental Disabilities

(OTDA) Office of Temporary Disability Assistance

(SLA) State Liquor Authority

(WCB) Workers Compensation Board

(OFA) NYS Office for the Aging

(DOCCS) Dept. of Corrections and Community Supervision

(HCR) NYS Homes and Community Renewal

(OMIG) Office of Medicaid Inspector General

(Parks) Parks, Recreation, and Historical Preservation

Click here to view and download PDF of instructions

Client VPN

Client VPN is an application that creates a secure connection from your State-issued device to the NYS network. 

Before beginning, note that this method of VPN will only work under the following circumstances: 

  • You are trying to connect to the NYS network; 
  • You have a NYS-issued device; and 
  • The VPN Client is installed. 
  • The client is typically installed and preconfigured on most Windows-based State-issued devices. This allows for quick connection once you've entered the RSA Passcode when prompted. 
  • How to determine if the VPN Client is already installed.

The following Agencies currently have access to the new Client VPN (please see instructions below.)

(AGM) Dept. of Agriculture and Markets

(DCJS) Division of Criminal Justice Services

(DCS) Dept. of Civil Services

(DEC) Dept. of Environmental Conservation

(DHSES) Dept. of Homeland Security and Emergency Services

(DMV) Department of Motor Vehicles

(DOB) Division of Budget

(DOH) Dept. of Health

(DOL) Dept. of Labor

(DOS) Department of State

(DOT) Dept. of Transportation

(DPS) Dept. of Public Service

(DTF) Dept. of Taxation and Finance

(GAMING) NYS Gaming Commission

(GOER) Governor’s Office of Employee Relations

Indigent Legal Service

(ITS) Information Technology Services

(JC) Justice Center

(JCOPE) Joint Commission on Public Ethics

(OASAS) Office of Alcoholism & Substance Abuse Services

(OCFS) Office of Children and Family Services

(OGS) Office of General Services

(OMH) Office of Mental Health

(OPWDD) Office for People with Developmental Disabilities

(OTDA) Office of Temporary Disability Assistance

(SLA) State Liquor Authority

(WCB) Workers Compensation Board

(OFA) NYS Office for the Aging

(DOCCS) Dept. of Corrections and Community Supervision

(HCR) NYS Homes and Community Renewal

(OMIG) Office of Medicaid Inspector General

(Parks) Parks, Recreation, and Historical Preservation

How to Check if You Have PulseSecure Client

1. Check for Pulse Secure

Turn the device/laptop on, log in with your NYS credentials, connect to the internet, and see if Pulse Secure/Always On is on the device:

If after a short period the PulseSecure popup (below) appears, you have PulseSecure:

If no screen pops up, click the up arrow /\  at the bottom right of your computer screen (as below):

If you see the following icon somewhere in the group, you have Pulse:

You can see the status of your connection.

*If not, your device does not have PulseSecure and you should refer to one of the other methods of connectivity listed on the Overview page. 

Should you utilize remote access, please note the following requirements: 

  • Employees who use their own personal electronic devices for official New York State business must ensure that their use is in full compliance with the New York State Information Security Policy and the New York State Acceptable Use of Technology Resources Policy, as well as their agency's work rules, ITS Enterprise technical standards and ITS mobile/personal device technical standards and policies. 
  • Do not download or save sensitive or confidential data to a personal device. If you inadvertently do save or download such data to your personal device, you should take immediate steps to permanently remove the data from your device by deleting it from the location where you have it stored, and then deleting it from your recycle or trash bin.   
  • Ensure that you have a strong password to protect access to your personal device and that the password is not shared with others, including friends and family. Do not reuse your personal passwords for work purposes. Use complex passwords and change them in accordance with your agency's policy. 
  • Do not accept "remember my password" prompts.  Securely log in each time you utilize remote access. 
  • Explicitly log out of all browser and VDI sessions when not actively in use; do not just 'X' out of the active window. If you do not log out, others with physical access to your device could gain unauthorized access to agency data.  
  • To the extent possible, ensure that your personal device is fully patched with the latest security patches.  
  • To the extent possible, ensure your personal device is using a current and up-to-date anti-virus/threat solution, a personal firewall, and a malicious content blocker for your web browser. Microsoft Windows devices come with Windows Defender which provides these things.
  • When traveling with your portable device, ensure that you keep it in your physical possession at all times.  
  • When utilizing Wi-Fi, ensure you only connect to known and secured networks. If use of public wi-fi becomes a necessity for connectivity, ensure that you explicitly ask the hosting organization (e.g., library, coffee shop) for the correct network to join. Be mindful of shoulder surfing and do not leave printed documents on public printers where they can be seen by unauthorized individuals. 
  • If your State-issued remote access device has been lost or stolen, you must immediately contact your supervisor and your agency information security officer or designated information security representative. If you believe your State-issued remote access has been compromised, immediately contact the NYS Cyber Command Center at (518) 242-5045 or email [email protected].