Introduction

CharityEngine has a robust configuration availability for your organization and strongly encourages use of two-factor authentication. Two-factor authentication (2FA) offers several important benefits for enhancing the security of online accounts and systems.

Benefits include:

1. Enhanced Security: 2FA adds an extra layer of security beyond just a password. It requires users to provide two different authentication factors, typically something they know (password) and something they have (a mobile device or hardware token). This makes it significantly harder for attackers to gain unauthorized access.
2. Protection Against Password Theft**: Even if someone manages to steal or guess your password, they won't be able to access your account without the second authentication factor. This helps protect against password-related attacks such as phishing, keylogging, or credential stuffing.
3. Mitigation of Unauthorized Access**: 2FA helps prevent unauthorized access to your account.
4. Reduced Risk of Data Breaches**: When organizations implement 2FA for their employees, it reduces the risk of data breaches because even if an attacker obtains an employee's password, they still can't access the account without the second factor.
5. Compliance**: Many regulatory bodies and industry standards (e.g., GDPR, HIPAA, PCI DSS) require organizations to implement strong authentication mechanisms like 2FA to protect sensitive data.
6. Remote Access Security**: For remote access to corporate networks or systems, 2FA is particularly important. It ensures that only authorized personnel can access sensitive systems even when they are outside the office.

Instructions: Configuring Organizational Settings

Step 1: To configure the Two-Factor Authentication, navigate to the Configuration App > Security > Authentication.

Step 2: Configure the settings for Untrusted Network Policy

The Untrusted Authentication Policy will apply for users who are logging into an unknown network. An unknown network is any network that has never been used by a user to login to CharityEngine. For example, if a user is telecommuting or is in a network location, the network will be unknown to CharityEngine

1. 1. 1. Basic - do not require factor
      2. Two-Factor - require two-factor for all users
      3. Two-Factor (super users only) - require two-factor for only users assigned as Super User roles

Step 3: Configure settings for Trusted Authentication Policies

The Trusted Authentication Policy will apply to networks that have been approved, either by manually entering the IP address into the CharityEngine database (for instructions on how to manually enter the IP address, click here), or approving the network when you log in for the first time.

1. 1. 1. Basic - do not require factor
      2. Two-Factor - require two-factor for all users
      3. Two-Factor (super users only) - require two-factor for only users assigned as Super User roles

Step 4: Configure Inactive User Lockout policies

1. Select days preference for the organization - CharityEngine recommends 30 days or less

Authentication Levels

Basic Authentication

Basic Authentication will provide the least amount of security with your accounts. When a user logs in for the first time from an unknown network or an untrusted network, a blue bar will appear at the top of the screen asking if the network you are using a trusted network. If the network you are using is a home network or work network, select yes. If the network is a public network, select no to prevent the IP Address from being added to the Trusted IP list. The message will not appear for the same IP again once you have selected yes or no.

Two-Factor Authentication

For best practices and security, CharityEngine encourages users to configure Two-Factor Authentication. This will trigger a text or an email every time a user logs into the account. If there is a cell phone in the database for the account, once the user enters their username and password, a text will be sent to the user.

If there is no cell phone, an email will be sent. The user will then have to enter the code that was sent for the two-factor  authentication

Note: If you only want two-factor authentication the first time a user is logging into a new network, select basic for the trusted network policy and two-factor for the untrusted network policy

                                                  

Note: you will not be able to enter the code multiple times. If you have entered the code incorrectly, a new code will have to be sent and entered correctly for access to the system. Please ensure you are entering the code correctly, as too many tries will lock the account.

Two-Factor Authentication (Super User only)

This authentication is exactly as it sounds, only for super users. It will have all the same characteristics as the Two-Factor Authentication described above, but will only apply to accounts with the Super User access role. Superusers have the most access to CharityEngine features and data.

Setting Users for Email or Text (Contact Record)

If a user would like to add or update 2-Factor access, please access the user's CharityEngine contact record.

Step 1: From the Contacts App > Organization & People > Contacts

Step 2: Access the Email or Phone number

Step 3a: If adding/editing a phone number, enter the phone number as type Mobile. Ensure Receive SMS is set to Yes and Preferred SMS is set to Yes. Click SAVE to secure.

Step 3b: If adding/editing an email, enter the email address. Ensure Active is set to Yes, Receive Email is set to Yes and Preferred is set to Yes. Click SAVE to secure.

FAQs & Additional Materials

• Sustainers: How to Create and Manage Recurring Donors
• Manually Entering Trusted IP Addresses
• Contacts: How to Create, Use and Manage Cases
• How to Configuring URL Redirects
• Contacts: Managing Contact Status Types and Priority
• Shipping and Handling Fee Configuration
• Email Campaigns & Web Forms: How to Add System/Global Tokens and Conditional Blocks
• Configuration: How to Configure for a Fiscal Year and Downstream Reporting
• Developer: Integration with Google Analytics and Google Tag Manager Tracking
• Contact Records: Creating Custom Field Groups and Custom Fields
• Configuration
• API Configuration: How to Configure your WealthEngine API Key
• Configuration: User Role Permission Levels
• Credit Card Automatic Updater: How to Configure the Card Updater and Overrides
• Memberships: How to Create a Membership Type (Configuration)
• API: Google Maps Integration for Addresses
• Developer: API - Public API Troubleshooting
• QuickBooks Integrations with CharityEngine
• Donations-Batch Entry: How to Set-up & Enter Donations Via Batch Processing
• Online: Configuring API User Account
• User Account Settings & Administration
• Browser Security Changes & Iframeing CharityEngine Donation Forms & Online Fundraising Apps
• Contacts/Transactions : Quick Filter - My Preferences
• Opportunities & Moves Management: Comprehensive Guide for Set Up, Configuration, and Reporting
• Data Governance: How to Manage Data Storage Limits
• Configuration: Critical Configuration Setting Monitoring
• Email Deliverability Best Practices
• Configuration: Whitelisting IP Addresses