Setting up Two-factor authentication

We have different resources available, depending on whether you would like to set up Single sign-on with optional two-factor authentication, or just two-factor authentication. 

Follow the instructions below to set up Two-factor authentication on its own.

How long will it take?

  • Completing the checklist to prepare - varies depending on the actions needed
  • Switch on Two-factor authentication - 2 minutes
  • Add IP Whitelisting - 2 minutes

 

What is two-factor authentication?

Two-factor authentication (sometimes called Multi-Factor authentication or mfa) adds an extra layer of security for your MIS designed to ensure that your staff are the only people who can access their accounts using a code generated on their phone, even if someone else knows their Arbor password.

We recommend Google Authenticator as it’s free, but you can use other authentication applications instead, such as Microsoft Authenticator or Authy.

IP whitelisting

As part of two-factor authentication, you can use IP whitelisting to make it quicker for your staff to log in when they are at your site. You can allow staff to log into the MIS from your institution's IP address without needing to complete the second step of the two-factor authentication.

IP Whitelisting allows you to create lists of trusted IP addresses or IP ranges from which your staff can access your MIS. When using a trusted IP address, the second step of the two-factor authentication is not required, and your staff will only need to input their email/username and password (no verification code needed) to log in.

Who can set up these features?

Two-factor authentication is available for all schools and MATs to set up and use no matter what package you've purchased.

Permissions

  • You'll need either the Staff: User Details: Administer or School: General Admin: Administer permissions to set this up on the School MIS - if you don't have the permission, you'll need to ask your admin team to give you permission using these instructions.
  • You'll need the User Details: Manage All Users permission to set this up on the MAT MIS - if you don't have the permission, someone will need to assign you a new Business Role that contains this permission.

Setting up two-factor authentication

Before completing the setup

There are some steps you must complete before you start using two-factor authentication.

  1. Check staff know their password - During the first login, staff will be asked to verify their identity by filling in their Arbor password. This is only done once.
  2. Ask staff to download your authentication app - Your staff will need to have downloaded the authentication app you’ll use (e.g. Google Authenticator) so they can receive their access code to log in. If they have not downloaded the app and completed the setup, your staff will not be able to log in.
  3. Find out your IP address (optional) - This is required if you choose to use IP whitelisting. Find out your IP address by typing ‘What is my IP’ into Google. Remember the results depend on where you currently are, so the IP address in a different location will be different.

Completing the setup

Step 1 - Turn on Two-factor authentication

To get to the setup page, go to:

  • School > Users & Security > Users > Two-Factor Authentication Setup on the School MIS
  • Group Staff > Users & Security > Authentication Setup > Two-Factor Authentication Setup on the MAT MIS

Screenshot_2022-05-06_at_09.59.36.png

 

To turn on two-factor authentication, click the Enable two-factor authentication using… box and select Authentication app, then click the Save settings button.

authentication_app.png

 

This means that when staff log in once they have set up the app, they will need to enter the security code from their app into Arbor to log in.

Top Tip: If at any point in the future you would like to switch two-factor authentication off, change this back to the ‘Do not enable two-factor authentication’ option.

add_in_verification_code.png

Step 2 (optional) - Add IP Whitelisting

Using this section, you can add your IP address (or a range of addresses) to your whitelist.

Top Tip: Find out your IP address by typing ‘What is my IP’ into Google.

IP Whitelisting allows you to create lists of trusted IP addresses or IP ranges from which your staff can access your MIS without the need to use two-factor authentication. When using a trusted IP address, the second step of the two-factor authentication is not required, and your staff will only need to log in using their standard login email and password, with no verification code required.

When using a different IP address, they will still need to complete the second step of two-factor authentication when logging in.

Click +Add in the IP Whitelist section.

add_IPs_for_whitelisting.png

 

In the slide over type in the IP address and click the Save changes button.

add_IPs.png

 

 

What next?

Was this article helpful?
2 out of 3 found this helpful
I'm still stuck!

Comments

0 comments

Article is closed for comments.