Multi-Factor Authentication (MFA)
Multi-factor Authentication (MFA) is used to provide additional security to user accounts. This higher level of security can be required for various reasons, including access to PII (Personally Identifiable Information) of students and/or employees, financial or HR data, or administrator or technical support accounts.
MFA in the NCEdCloud IAM Service requires a user to enter a 6-digit code in addition to their username and password. This code is usually generated from an authentication application that you download to your mobile device, or run on your computer.
There are three ways MFA is implemented for users in the NCEdCloud IAM Service:
- MFA is implemented for all users with a privileged role, such as LEA Administrator, LEA Data Auditor, or one of the Help Desk roles.
- PSUs can “opt-in” to having MFA turned on for ALL of their staff, to not only secure their accounts, but to reduce the cost of cybersecurity insurance in some cases.
- PSUs can also require MFA for a subset of their staff (e.g. HR and Finance employees, administrative staff with access to user records, etc.), by uploading a file of their UIDs.
MFA for Users with Privileged Roles in the NCEdCloud IAM Service
Due to the access staff with privileged roles in NCEdCloud have, to student and employee data and their accounts, NCDPI is requiring Multi-Factor Authentication (MFA) when logging in. This requires the use of a Time-based, One Time Password (OTP) with every login to NCEdCloud. More information on Privileged Roles is available on the Privileged Roles page.
Requesting MFA for ALL Staff in your PSU
If your PSU would like to implement MFA for ALL of your employee accounts in the NCEdCloud IAM Service, you can submit an MFA Opt-In form. You can optionally request a date to turn on MFA for your PSU when you submit the form. Note, you must have the NCEdCloud LEA Administrator role to submit this request.
Requiring MFA for Specific Employees
As mentioned above, you can require selected staff in your PSU to enter a second factor (in addition to their password) when they log into their NCEdCloud account. This is accomplished by uploading a file of their UIDs (State Employee number) in a .txt file, by submitting a request for the “LEA Enforce MFA” Entitlement in the Requests module when you’re logged into the NCEdCloud RapidIdentity portal. More information on this process can be found in the document: "How to Request Multi-Factor Authentication (MFA) for Select Employees"
FAQs on Multi-Factor Authentication and One-Time Passwords are in their own Category Section on the NCEdCloud Information website FAQ Page.
Instructions For Setting Up Authentication Apps
Users required to use MFA to access NCEdCloud should prepare for setting up your One-Time Password by downloading an authentication application to either your mobile device, computer, or browser (Chrome). Decide which application you will be using (e.g. Google Authenticator, RapidIdentity, Authy Desktop, GAuth Authenticator) and select the appropriate instructions from below. Links to the applications are included in each set of instructions.
- Setting up your OTP with Google Authenticator (mobile app)
- Setting up your OTP with RapidIdentity (mobile app)
- Setting up your OTP with Authy Desktop (runs on your client's desktop)
- Setting up your OTP with GAuth Authenticator (Chrome Extension)