TABLE OF CONTENTS
- Two-Factor Authentication Settings
- Set Up & Use Two-Factor Authentication
- Reset Two-Factor Authentication
- Two-Factor Authentication for Students
Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.
The second form of authentication is a code generated by an application on your mobile device. The only way someone can sign into your account is if they know your password and have access to the authentication code on your phone.
For configuring 2FA, you need to use a time-based one-time password (TOTP) mobile app like Google Authenticator, 1Password, Authy, LastPass Authenticator, Microsoft Authenticator, etc. You can scan the QR code in the app or use a 16-digit code from the Set Up Two-Factor Authentication page to set up the account that will generate TOTP.
Two-Factor Authentication Settings
Two-factor authentication settings are located in School Settings in the Cybersecurity Options — Two-Factor Authentication section and have the following options:
- Enable Two-Factor Authentication Requirement for All Users
- Allow Two-Factor Authentication for Students
- Enable Two-Factor Authentication Requirement for Students
- Enable Two-Factor Authentication Requirement for Users with Access to SSN
- Enable Two-Factor Authentication Requirement for Roles
- Enable Accepting Google Auth as Two-Factor Authentication: enabling this option will make Two-Factor Authentication not required when using a Google account for authorization.
- Allow Remembering User Devices for Two-Factor Authentication
- Two-Factor Authentication Expires In, days
Set Up & Use Two-Factor Authentication
If 2FA is set as required for users, they will have to set up a phone app to get two-factor authentication codes before logging in:
After it is set up, the user will have to enter the 6-digit code before logging in. Use the Don’t Ask Again on This Device checkbox to remember the device and skip 2FA code entering for a predefined number of days:
Reset Two-Factor Authentication
Any user can reset the two-factor authentication setting on the Main → My Profile page:
After that, the user will have to set it up again. GEGI administrator can also reset a user’s 2FA on the User Details page.
Two-Factor Authentication for Students
Two-factor authentication for students can be enabled using the Allow Two-Factor Authentication for Students setting. Use Enable Two-Factor Authentication Requirement for Students to make it mandatory.
If it is not set as mandatory for a student, the student will be able to manually enable or disable it in the profile:
Two-factor authentication can be reset for a student at the Access panel on the Lead Details page: