Multi-Factor Authentication (MFA) or One-Time Passwords (OTP)

I use more than one device to access NCEdCloud. Will I need to setup two different authentication applications?

The One-Time Password (OTP) is tied to your NCEdCloud ACCOUNT, not to a device.  Therefore, when you login the first time after MFA is implemented (or after an OTP Reset) and see the OTP Setup Page, the QR Code and the AlphaNumeric Code below it are what links the NCEdCloud MFA to the 6-digit code presented by your authentication application (Google Authenticator, RapidIdentity, Authy Desktop).  The QR code and the AlphaNumeric Code are "identical", as far as providing the same information to authentication apps - as long as they're taken from the same OTP Setup page.  Ther

How often will I need to enter my OTP?

The short answer is once per day.  Your OTP (6-digit code) is part of the login process to NCEdCloud, so if you typically login to NCEdCloud more than once during the day (you use different clients or close your browser during the day) you will need to enter your OTP on the 3rd screen of the login.  If you use the same client throughout the day, then you’ll only login (and enter your OTP) once.

Do I need to provide my mobile phone number to set up MFA?

It depends on the app.  Both the Google Authenticator and RapidIdentity app that run on your mobile device use a time-based one-time password (TOTP) algorithm to provide a valid 6-digit code (it is not texted to your phone).  However, Authy requires that you enter your cell number when installing and registering the app.

Why is MFA being required for NCEdCloud?

As a part of continuing efforts to enhance the security posture of statewide IT systems, and due to the access NCEdCloud LEA Administrators and LEA Data Auditors have to student and employee data, Multi-Factor Authentication (MFA) will now be required for users with either of these roles in the NCEdCloud IAM Service.  NCDPI will implement MFA for these privileged users statewide beginning Thursday, May 9th, 2019.