Multi-Factor Authentication (MFA)
Last Updated: 4/5/2023
Please click the following button to view a quick video detailing MFA setup.
Frequently Asked Questions
- What is Multi-Factor Authentication (MFA)?
MFA is a secured access method that requires users to support their credentials by supplying two or more pieces of evidence, or “factors,” to log into a system. One factor is something the user knows, such as a username and password. Other factors utilize something the user has in their possession, such as an authenticator app or secure code sent to a secondary email. Using multiple factors provides an additional layer of security to help prevent unauthorized access.
- Why is FACTS requiring this change?
The security of your school and family data is at the forefront of each and every decision we make at FACTS. As more aspects of our lives become dependent upon our ability to access information through mobile and cloud-based services, it has become increasingly important to ensure the integrity of the users behind the devices attempting to access this information.
In support of our commitment to providing the highest levels of security for our products, FACTS has made the decision to begin utilizing multi-factor authentication (MFA).
- When will MFA be required?
On April 17, 2023, FACTS began requiring MFA within the FACTS Giving product for all administrative users.
On July 12, 2023, FACTS rolled out requirements for administrative users to use MFA to access the following FACTS products:- FACTS Tuition Management
- FACTS Grant & Aid Assessment
- FACTS Payment Forms
Beginning November 13th, 2023, FACTS will roll out MFA for consumer users (families) that access the following FACTS products:
- FACTS Tuition Management
- FACTS Grant & Aid Assessment
*FACTS SIS will begin requiring MFA in early 2024.
- Who is impacted by this requirement?
At this time, all administrative users – staff and teachers – with access to the following products will be required to utilize MFA:
- FACTS Giving
- FACTS Tuition Management
- FACTS Grant & Aid Assessment
- FACTS Payment Forms
Beginning November 13th, 2023, FACTS will roll out MFA for consumer users (families) that access the following FACTS products:
- FACTS Tuition Management
- FACTS Grant & Aid Assessment
*FACTS SIS will begin requiring MFA in early 2024.
- We have users that do not have a personal mobile phone or device to facilitate MFA. Are there other options to comply?
If users do not have a personal mobile phone or device to utilize MFA, users will have the option to use email verification.
- What authenticator app should I use?
Authenticator apps can be downloaded on your phone and some can be downloaded via desktop. FACTS recommends using one of the following, but does not currently limit which option(s) you use.
- Google Authenticator
- Microsoft Authenticator
- Authy by Twillo
- What is a Recovery Code?
If the device utilizing the authenticator app is lost, damaged or not working, users need the ability to access their account. FACTS will present system-generated recovery codes so users can self-serve when trying to authenticate into the system without their device present.
Note: These codes are only presented at the time of the initial setup and should be printed and kept in a secure location.
- What if I can’t find my recovery codes or didn’t save them?
If you did not save the recovery codes presented during the registration process or lost the codes, you can contact FACTS customer service to have your MFA reset and you will be prompted to setup authentication again the next time you log into FACTS.
- What if the device I had my authenticator app on has been lost, damaged or no longer working?
When MFA is initially established, users are presented with recovery codes that can be used to authenticate into the system without the device present. If you have lost these codes, you can call FACTS customer service and they will reset your MFA to prompt you to setup authentication on your device the next time you login.
- Will my students who access the SIS Family Portal be required to utilize MFA?
No. Students accessing the family portal will not be prompted or required to use MFA to access their FACTS account.
- Can I change my authentication method after setting it up?
Yes. Users can change their preferred authentication method by contacting their FACTS account management team to request a reset of their MFA configuration. This will allow users to configure MFA using either email verification nor an authenticator app.
- Can I configure MFA on behalf of my users?
No. MFA cannot be configured on behalf of another user.
- Why is SMS (text) not one of the authentication options?
Security experts believe that as MFA becomes more common, bad actors are likely to target SMS as being the weakest of additional security layers available. As such, FACTS has made the decision not to support SMS as an authentication option.
- How often will I be prompted to authenticate?
The authentication token remains active for 4 hours. If it has been more than 4 hours since the last authentication and the user signs out, they will be prompted to reauthenticate when signing in.
- How will MFA impact users that have Single Sign-On (SSO) with their organization?
On its own, a single sign-on (SSO) solution doesn’t satisfy the MFA requirement. If your SSO system uses MFA, you don’t need to also enable FACTS MFA for users who access FACTS products solely through SSO.
- If my Institution already requires MFA, does this impact my current process?
If your institution has an SSO connection with FACTS and already manages the users, passwords and enforcing MFA from their identity provider, there will be no impact to users. If your institution has not enabled Single Sign-On (SSO) with FACTS, users will be required to enable MFA when logging into FACTS.
For questions on how to enable SSO, please reach out to your FACTS account management team.