- Products
-
-
Industries
- K-12 Schools
Whole-school solutions that meet your unique needs
- Businesses
A growth-oriented, customized development program
- Faith Communities
Online faith formation and member engagement
Elevating Education
Contact Sales- K-12 Schools
-
- Industries
- Resources
- Company
- Parents
Multi-Factor Authentication (MFA)
Last Updated: 4/5/2023
Please click the following link to view a quick video detailing MFA setup.
MFA is a secured access method that requires users to support their credentials by supplying two or more pieces of evidence, or “factors,” to log into a system. One factor is something the user knows, such as a username and password. Other factors utilize something the user has in their possession, such as an authenticator app or secure code sent to a secondary email. Using multiple factors provides an additional layer of security to help prevent unauthorized access.
The security of your school and family data is at the forefront of each and every decision we make at FACTS. As more aspects of our lives become dependent upon our ability to access information through mobile and cloud-based services, it has become increasingly important to ensure the integrity of the users behind the devices attempting to access this information.
In support of our commitment to providing the highest levels of security for our products, FACTS has made the decision to begin utilizing multi-factor authentication (MFA).
On April 17, 2023, FACTS began requiring MFA within the FACTS Giving product for all administrative users.
On July 12, 2023, FACTS rolled out requirements for administrative users to use MFA to access the following FACTS products:
- FACTS Tuition Management
- FACTS Grant & Aid Assessment
- FACTS Payment Forms
Beginning November 13th, 2023, FACTS will roll out MFA for consumer users (families) that access the following FACTS products:
- FACTS Tuition Management
- FACTS Grant & Aid Assessment
*FACTS SIS will begin requiring MFA in early 2024.
If users do not have a personal mobile phone or device to utilize MFA, users will have the option to use email verification.
Authenticator apps can be downloaded on your phone and some can be downloaded via desktop. FACTS recommends using one of the following, but does not currently limit which option(s) you use.
- Google Authenticator
- Microsoft Authenticator
- Authy by Twillo
If the device utilizing the authenticator app is lost, damaged or not working, users need the ability to access their account. FACTS will present system-generated recovery codes so users can self-serve when trying to authenticate into the system without their device present.
Note: These codes are only presented at the time of the initial setup and should be printed and kept in a secure location.
If you did not save the recovery codes presented during the registration process or lost the codes, you can contact FACTS customer service to have your MFA reset and you will be prompted to setup authentication again the next time you log into FACTS.
When MFA is initially established, users are presented with recovery codes that can be used to authenticate into the system without the device present. If you have lost these codes, you can call FACTS customer service and they will reset your MFA to prompt you to setup authentication on your device the next time you login.
No. Students accessing the family portal will not be prompted or required to use MFA to access their FACTS account.
Yes. Users can change their preferred authentication method by contacting their FACTS account management team to request a reset of their MFA configuration. This will allow users to configure MFA using either email verification nor an authenticator app.
No. MFA cannot be configured on behalf of another user.
Security experts believe that as MFA becomes more common, bad actors are likely to target SMS as being the weakest of additional security layers available. As such, FACTS has made the decision not to support SMS as an authentication option.
The authentication token remains active for 4 hours. If it has been more than 4 hours since the last authentication and the user signs out, they will be prompted to reauthenticate when signing in.
On its own, a single sign-on (SSO) solution doesn’t satisfy the MFA requirement. If your SSO system uses MFA, you don’t need to also enable FACTS MFA for users who access FACTS products solely through SSO.
If your institution has an SSO connection with FACTS and already manages the users, passwords and enforcing MFA from their identity provider, there will be no impact to users. If your institution has not enabled Single Sign-On (SSO) with FACTS, users will be required to enable MFA when logging into FACTS.
For questions on how to enable SSO, please reach out to your FACTS account management team.