Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is available directly within Slate. While we continue to recommend that multi-factor authentication (often referred to as two-factor authentication, or 2FA) be implemented at your campus single sign-on system, this security tool will assist institutions that have not yet implemented MFA for their campus single sign-on systems and can also be a benefit for those that desire an additional layer of security on top of their existing institutional security stack. 

MFA can be enabled for individual users from the Security Dashboard, or updated in batch via a Users-based query.

A mobile phone number capable of receiving text messages is required to enable multi-factor authentication. Once MFA is enabled, a user who attempts to log in from an unrecognized device will receive a text message containing a one-time use security code. This code will expire within 5 minutes and must be entered into Slate for the login to proceed. Once a user has logged in successfully using MFA, Slate will remember that device going forward.

  Best Practice

If institutional multi-factor authentication is not available on your campus, use Slate MFA as an additional layer of security.

Configuring MFA

From the Security Dashboard in Slate, you can modify any user to:

  • provide a mobile phone number and
  • enable MFA for that user.

Any user with MFA enabled who attempts to log in from an unrecognized device will receive a text message containing a one-time-use security code. This code will expire within 5 minutes and must be entered into Slate for the login to proceed.

  1. Click Database in the top navigation bar and select Security Dashboard.
  2. Click Active Users.
  3. Edit an Existing User or click New User.
  4. Enter a valid mobile phone number. (A mobile phone number must be provided that is capable of receiving text messages.)
  5. Under the Security section of the User tab, check off the MFA setting (require multi-factor authentication for logins from unrecognizable devices).

mceclip2.png

  Why might MFA be triggered again despite using a recognized device?

After a user triggers Slate's MFA while trying to login, Slate sets a cookie so it remembers the browser, not the device. If users switch to a different browser, an incognito window, a different device, or their browser is set to not store any cookies, they will be prompted by MFA again. Typically, subsequent logins using the same browser would not require MFA unless a user cleared their browser's cache. 

Enabling MFA via Batch Management

MFA can be enabled for multiple users in batch via a Users-based query.

  1. Click Queries / Reports in the top navigation bar.
  2. Click Quick Query
  3. Select the Slate Template Library - Users base. Then click 'Build Query'.
  4. Select at least one export and add any filters if enabling MFA for a subset of users.
  5. Click Run Query.
  6. Change the output type to Batch Management - Security.

    mceclip3.png

  7. Select the security update type as Set User Multi-Factor Authentication. Select the MFA status as Enable MFA (requires mobile phone number). 

    mceclip4.png

  8. Click Submit.
Enabling MFA via "Your Profile" on the Slate Homepage

Users are able to click on the "Your Profile" link at the top-right of the Slate homepage. From here, users can individually supply their mobile phone numbers, opt-in to MFA, or provide an alternate mobile number for MFA.

mceclip10.png

Was this article helpful?
4 out of 4 found this helpful