How to Setup 2-Factor/MFA in Schoolfi

Two-factor authentication (2FA)

What is it?

2FA requires users to provide an additional piece of data along with their password to access Schoolfi. Even if someone gains access to a user's password, they cannot log in without this additional data. This extra piece is a 6-digit number that changes every 30 seconds, generated by an app installed on the user's device, like a phone or tablet, using the TOTP algorithm.

*** Important Pre-Enabling Checks ***

1. SMTP Email Server Integration: Ensure the Schoolfi server connects to an SMTP Mail server correctly. Do not enable 2FA if email functionality is not working. Configure the SMTP server link on the Core > Email screen.

2. Time Synchronization: Server time accuracy is vital. The 6-digit number generation relies on server time matching the user's device time within 3 minutes. Sync server time with a time server for accuracy.

To check that your server's time is correct, compare the date and time on the diagnostics popup with the time on your desktop or mobile device.

Navigate to your Schoolfi System > Diags

Mass Enable Users' 2FA

1. Navigate to System > Security > Users. (bottom of page) 

2. Select Users for 2FA.

3. Click "Generate New OTP Keys And Email to Checked Users" to trigger an email containing the "Secret Key."

    This will automatically enable 2FA on the user account, and send an email containing the Secret Key

Enable 2FA for Specific Users

1. Navigate to System > Security > Users.

2. Search and click on the user's Logon ID to modify the user settings. (User must have a valid email).

3. Click "Generate New OTP Key And Email it to Users " to send a 16-character shared key.

Setup Chrome Browser Authenticator Extension 

Download Authenticator from Chrome Webstore

Authenticator Extension Download

1. Download Authenticator from the Chrome Webstore.

2. Click the Authenticator icon.

3. Click the "+" sign, then "Manual Entry."

4. Under "Issuer," name the OTP (e.g., "Schoolfi").

5. Enter the 16-character key from the email in the "Secret" field.

6. Click OK to save.

Now, after the user logs in using their normal Username and Password, the following screen will prompt the users for the 2-factor password:

Using Authenticator on Mobile Devices

1. iPhone and Android: Download Google Authenticator from the app store. Add a token, placing "Genesis" in the account field and the 16-character key from your email in the key field. Ensure "Time Based" is selected.

2. Other Devices: Search for an app handling TOTP Keys in the application store. The process should be identical to Google Authenticator on iPhone and Android.

2-Factor Employee Portal

Under the Security Tab in the User's Employee Portal, click on Enable One Time Password Authentication, and steps will be provided to complete the setup.