Multi-Factor Authentication, also know as MFA or Two-Factor Authentication, is a great way to encourage secure logins. Each user (manager or learner) is responsible for enabling MFA on their own profile.
When providing admin access to your learning site, it is extremely important that those logins are secure. These users have full control of settings and content, as well as access to confidential learner data. Therefore, to keep admin logins secure, we strongly recommend multi-factor authentication as a way to add a higher level of security.
Each code is valid for a maximum time of one minute. Codes display for 30 seconds and are active for another 30 seconds after disappearing. This means the current code displayed on the user's phone (via the Google Authenticator app or another method), and the previous code, are active at the same time.
Note
MFA cannot be used if you have enabled SSO for your managers or learners.
Enabling MFA as a Manager:
There is currently no option for a manager to enable MFA for other managers or learners. Each manager role should login and enable MFA for their own account. A smartphone is required to complete this set up.
- Once logged in, select the user's Name > My Account. By default, you will land on the Details tab.
- Within the Multi-Factor Authentication section, enter your current password in order to activate MFA for your account.
- Click Verify.
- Next, use your smartphone to scan the code on your screen.
Tip
We recommend downloading the Google Authenticator app and scanning the QR code via the app. Google Authenticator will provide instructions for you based on which smartphone you have.
- If using Google Authenticator, an access number will display on your phone screen.
- Enter the access number in Thought Industries and click Activate.
- The next time you login, you will be prompted to enter the access code that will be sent to you in order to authenticate.
Enabling MFA as a Learner:
There is currently no option for a manager to enable MFA for other managers or learners. Each learner role should login and enable MFA for their own account. A smartphone is required to complete this set up.
- Once logged in, go to Name Dropdown Menu from the Learner Dashboard, then Account.
- Within the Multi-Factor Authentication section, enter your current password in order to activate MFA for your account.
- Click Verify.
- Next, use your smartphone to scan the code on your screen.
Tip
We recommend downloading the Google Authenticator app and scanning the QR code via the app. Google Authenticator will provide instructions for you based on which smartphone you have.
- If using Google Authenticator, an access number will display on your phone screen.
- Enter the access number in Thought Industries and click Activate.
- The next time you login, you will be prompted to enter the access code that will be sent to you in order to authenticate.
Tip
Use Translations to customize the language that displays to the learner when enabling MFA. Translation fields that apply:
multi-factor-authentication
multi-factor-verify
dashboard.account-multifactor-enabled
dashboard.account-multifactor-scan
dashboard.account-multifactor-enter-password
dashboard.account-multifactor-enter-code
dashboard.account-multifactor-download
Disabling MFA for any role:
If a learner or manager has enabled MFA and would no longer like to use it, there are two permissions that would allow a manager role to disable MFA. One is for permission to disable MFA for a learner role, the other is for permission to disable MFA for manager roles.
Disable Learner Multi-factor Authentication
Managers with this permission enabled have the ability to disable MFA for learners only.
Manage Roles (FOR SCHOOL ADMINISTRATORS ONLY)
Managers with this permission enabled have the ability to disable MFA for managers.
To disable MFA for any role:
- Go to Users > Learners or Managers depending on the role for the user that you would like to disable MFA for.
- Find the user and click on their name to access their profile. By default, you will land on the Details tab.
- Go to the Multi-Factor Authentication section.
- Click Disable Multi-Factor Authentication.
- Confirm by clicking Yes.