Multi-Factor Authentication (MFA) - Part 2
This information only applies to users who have one of the privileged roles mentioned below...
Due to the access staff with privileged roles in NCEdCloud have to student and employee data (this includes LEA Administrators, LEA Data Auditors, LEA Help Desk, and LEA Student Help Desk), NCDPI is requiring Multi-Factor Authentication (MFA) when logging in. This requires the use of a Time-based One Time Password or OTP with every login to NCEdCloud.
In May, NCDPI rolled out Part 1 of MFA for LEA Administrators and LEA Data Auditors. On November 7, 2019 NCDPI will require staff with LEA Help Desk and LEA Student Help Desk roles to use a One Time Password (OTP) when logging in.
Webinars on MFA (see Sidebar) will be held on October 15th and 31st, 2019 to review the process and answer any questions. FAQs on Multi-Factor Authentication and One-Time Passwords are in their own Category on the NCEdCloud FAQ Page.
Instructions for setting up Authentication Apps
To prepare for setting up your One-Time Password to access the NCEdCloud IAM Service you will need to download an authentication application to either your mobile device, computer, or browser (Chrome). Decide which application you will be using (e.g. Google Authenticator, RapidIdentity, Authy Desktop, GAuth Authenticator) and select the appropriate instructions from below. Links to the applications are included in each set of instructions. NOTE: Until November 7th, staff with LEA Help Desk and LEA Student Help Desk will not be able to configure the One-Time Password in NCEdCloud.
- Setting up your OTP with Google Authenticator (mobile app)
- Setting up your OTP with RapidIdentity (mobile app)
- Setting up your OTP with Authy Desktop (runs on your client's desktop)
- Setting up your OTP with GAuth Authenticator (Chrome Extension)
In preparation for this implementation, we encourage LEAs and charter schools to review the list of staff members that currently have LEA Help Desk or LEA Student Help Desk roles to ensure that these roles are still required. The process is explained below.
Managing Users with Privileged Roles
[Note: The commands require an LEA Administrator role to execute. If you are from a Charter School without an LEA Administrator and are entitled to request this role, please follow the instructions on the Privileged Roles page.]
If you are not familiar with how to check who has privileged roles in your LEA or Charter School, the process will require an “advanced search” under your Profiles tab in NCEdCloud. An instruction sheet is provided below, as well as documentation on Revoking privileges and Resetting the OTP.
- Finding Users with Privileged Roles in NCEdCloud
- Revoking Privileged User Roles
- Resetting the MFA One-Time Password (OTP) for Privileged Users