Multi-Factor Authentication (MFA)

What is GAuth Authenticator and How Can I Use it?

GAuth Authenticator is a Chrome browser extension.  If you use Chrome to access NCEdCloud, then you can use GAuth to provide your 6-digit OTP.  GAuth does not require the use of a mobile phone/device or entering your phone number.  More information on GAuth can be found on the NCEdCloud MFA page at /multi-factor-authentication-mfa, or under the MFA topic in the Opt-In Features Menu at the top of the page.

Why is the NCEdCloud MFA called a "One Time" Password if I have to use it every time?

The "One-Time" in One-Time Password (OTP) refers to the number of times you can use a specific 6-digit passcode to login (one time), not something you only enter once.  A new valid password is generated for your account every 30 seconds so that someone can't look over your shoulder and see your 6-digit code, or a "hacker" can't capture what you enter and try to reuse it at a later time.  It's purpose is to add a "second factor" in addition to your account password, to make your login more secure.  It is usually only implemented for user accounts that have access to

How often will I need to enter my OTP?

The short answer is once per day.  Your OTP (6-digit code) is part of the login process to NCEdCloud, so if you typically login to NCEdCloud more than once during the day (you use different computers, tablets, etc. or logoff and close your browser during the day), you will need to enter your OTP on the 3rd screen of the login.  If you use the same machine throughout the day, then you’ll only login (and enter your OTP) once.

Do I need to provide my mobile phone number to set up MFA?

 

It depends on the authenticator app you choose.  Both the Google Authenticator and RapidIdentity apps that run on your mobile device use a time-based one-time password (TOTP) algorithm to provide a valid 6-digit code (it is not texted to your phone). So while the application RUNS on your phone, you are not sharing the number with anyone, nor being changed any fees.  However, other authentication vendors may required you to enter your phone number when registering for the application.

 

Will I be required to use my personal phone for the MFA One-Time Password?

 

It depends.  There are multiple ways of obtaining the 6-digit code that must be entered when you login to NCEdCloud (if you have one of the privileged roles).  See the NCEdCloud MFA page for details on the different authenticator applications.

While you can install the Chrome extension "GAuth Authenticator" or another desktop or browser app, these tools must be installed on each device you use to access the NCEdCloud IAM Service.  I