Menu

Articles in this section

Multi-Factor Authentication Settings (Overview & Reference)

In this article

     

    Multi-Factor Authentication (MFA) is a security-enhancing practice of requiring a person to perform more than one step, beyond email and password, for example, when logging into a system. This overview will walk you through the settings available.

    NOTE: after an introductory period, ShulCloud will require MFA for Admins across the platform.

    MFA Settings Overview

    To find the MFA settings, go to Admin Menu > Settings > Edit MFA Settings.

    In the MFA for Admins and MFA for Non-Admins settings sections, you specify two settings: 

    • Required (yes/no) 
    • Modes allowed 
      • Email 
      • Authenticator App

    If MFA is required and a mode is not chosen, the system will default to All Modes which allows both email and authenticator app to be used.

    In Other Settings, you specify three additional settings that apply to admins and non-admins alike:

    • Remember Me Duration (hours) 
    • Code Expiration (minutes)
    • Help Text 

    The Multi-Factor Authentication (MFA) settings will allow you to determine if admins and non-admins will need to verify their identity when signing into your ShulCloud site for added security. 

    MFA settings are divided into three options:

    • MFA for Admins
    • MFA for Non-Admins
    • Other Settings

     

      MFA for Admins/Non-Admins

    Settings

    Description
    Required Whether use of MFA is mandatory for that category of users.
    Modes Allowed How verification codes are obtained (email and/or authenticator app).
      Other Settings
    Remember Me Duration (Hours)

    How long a person who has completed MFA can log in again from the same device without completing MFA again.

    This setting can work in concert with "Timeout Sessions" setting in the Security area of the main Settings page (it automatically logs users out after a period of time).

    • For the greatest security, leave blank or enter 0 to disable remembering devices.
    • For medium security, enter a number from 8-24.
    • For the least security, enter a number greater than 24 (e.g.  720 to require MFA again after 30 days). 
    Code Expiration (Minutes)

    How long a person authenticating via email has to enter the code sent to their email. If the code expires, the person can request a new code.

    This setting does not apply to people authenticating using an authenticator app (those codes re-generate automatically). 
    Help Text Text entered here is shown on the code entry screen and in verification code emails to instruct people what to do if they are having problems logging in using MFA.

     

    Next Steps

     

    Related Resources

     

     

    Related articles