Introduction
CharityEngine offers a robust set of authentication settings for your organization and strongly encourages the use of two-factor authentication. Two-factor authentication (2FA) offers several important benefits for the security of online accounts and systems.
Benefits include:
- Enhanced Security: 2FA adds an extra layer of security beyond just a password. It requires users to provide two different authentication factors, typically something they know (password) and something they have (a mobile device or hardware token). This makes it significantly harder for attackers to gain unauthorized access.
- Protection Against Password Theft: Even if someone manages to steal or guess your password, they won't be able to access your account without the second authentication factor. This helps protect against password-related attacks such as phishing, keylogging, or credential stuffing.
- Mitigation of Unauthorized Access: 2FA helps prevent unauthorized access to your account.
- Reduced Risk of Data Breaches: When organizations implement 2FA for their employees, it reduces the risk of data breaches because even if an attacker obtains an employee's password, they still can't access the account without the second factor.
- Compliance: Many regulatory bodies and industry standards (e.g., GDPR, HIPAA, PCI DSS) require organizations to implement strong authentication mechanisms like 2FA to protect sensitive data.
- Remote Access Security: For remote access to corporate networks or systems, 2FA is particularly important. It ensures that only authorized personnel can access sensitive systems even when they are outside the office.
Instructions: Configuring Organizational Settings
Step 1: To configure Two-Factor Authentication, navigate to the Configuration App > Security > Authentication.
Step 2: Configure the settings for the Untrusted Network Policy
The Untrusted Authentication Policy applies to users who are logging in from an unknown network. An unknown network is any network that has never been used by a user to log in to CharityEngine. For example, if a user is telecommuting or logging in from a new network location, that network will be unknown to CharityEngine.
- Basic - do not require a second factor
- Two-Factor - require two-factor for all users
- Two-Factor (super users only) - require two-factor only for users assigned a Super User role
Step 3: Configure settings for the Trusted Authentication Policy
The Trusted Authentication Policy applies to networks that have been approved, either by manually entering the IP address into the CharityEngine database (for instructions on how to manually enter the IP address, click here) or by approving the network when you log in from it for the first time.
- Basic - do not require a second factor
- Two-Factor - require two-factor for all users
- Two-Factor (super users only) - require two-factor only for users assigned a Super User role
Step 4: Configure Inactive User Lockout policies
- Select the number of days of inactivity after which a user is locked out. CharityEngine recommends 30 days or less.
Authentication Levels
Basic Authentication
Basic Authentication provides the least amount of security for your accounts. When a user logs in for the first time from an unknown or untrusted network, a blue bar appears at the top of the screen asking whether the network you are using is a trusted network. If the network you are using is a home or work network, select Yes. If the network is a public network, select No to prevent the IP address from being added to the Trusted IP list. The message will not appear again for the same IP once you have selected Yes or No.
Two-Factor Authentication
As a security best practice, CharityEngine encourages users to configure Two-Factor Authentication. This triggers a text or an email every time a user logs in to the account. If there is a cell phone number in the database for the account, a text is sent to the user once they enter their username and password. If there is no cell phone number, an email is sent instead. The user must then enter the code that was sent to complete two-factor authentication.
Note: If you want two-factor authentication only the first time a user logs in from a new network, select Basic for the trusted network policy and Two-Factor for the untrusted network policy.
Note: You will not be able to enter the same code multiple times. If you have entered the code incorrectly, a new code will have to be sent and entered correctly before you can access the system. Please ensure you are entering the code correctly, as too many tries will lock the account.
Two-Factor Authentication (Super User only)
This authentication level is exactly what it sounds like: two-factor authentication for super users only. It has all the same characteristics as the Two-Factor Authentication described above, but applies only to accounts with the
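To make the policy rules above concrete, here is an added Python model of the decision an administrator is configuring: which policy (trusted or untrusted) applies to a login, whether that policy demands a second factor, which channel the code goes out on, and the single-use/lockout behaviour of the code. This is illustrative code written for this page, not CharityEngine's implementation; the class and function names, the sample IP addresses, and the lockout threshold of three failed codes are assumptions (the page only says "too many tries" locks the account).

```python
import hmac
from dataclasses import dataclass, field

# Policy names as listed under Configuration App > Security > Authentication
BASIC, TWO_FACTOR, TWO_FACTOR_SUPER = "Basic", "Two-Factor", "Two-Factor (super users only)"
MAX_FAILED_CODES = 3  # assumed value; the page only says "too many tries will lock the account"

@dataclass
class User:
    super_user: bool
    mobile: str = ""  # phone of type Mobile with Receive SMS = Yes and Preferred SMS = Yes, else ""
    email: str = ""   # email with Active = Yes, Receive Email = Yes and Preferred = Yes, else ""
    failed_codes: int = 0
    locked: bool = False

@dataclass
class OrgSettings:
    trusted_policy: str
    untrusted_policy: str
    trusted_ips: set[str] = field(default_factory=set)  # the organization's Trusted IP list

@dataclass
class Challenge:
    code: str
    spent: bool = False  # one entry, right or wrong, spends the code; a fresh one must be sent

def second_factor_required(org: OrgSettings, user: User, ip: str) -> bool:
    """Pick the trusted or untrusted policy by the login IP, then apply that policy."""
    policy = org.trusted_policy if ip in org.trusted_ips else org.untrusted_policy
    if policy == BASIC:
        return False
    return user.super_user if policy == TWO_FACTOR_SUPER else True  # unknown names fail closed

def delivery_channel(user: User) -> str:
    """Text the code when a mobile number is on the contact record, otherwise email it."""
    if not (user.mobile or user.email):
        raise ValueError("no SMS or email contact available for the second factor")
    return "sms" if user.mobile else "email"

def verify_code(user: User, challenge: Challenge, entered: str) -> bool:
    """Single-use code: any entry spends it, and repeated wrong entries lock the account."""
    if user.locked or challenge.spent:
        return False
    challenge.spent = True
    if hmac.compare_digest(challenge.code.encode(), entered.encode()):
        user.failed_codes = 0
        return True
    user.failed_codes += 1
    user.locked = user.failed_codes >= MAX_FAILED_CODES
    return False
```

With trusted_policy set to Basic and untrusted_policy to Two-Factor, the model reproduces the "second factor only on a new network" behaviour described in the note above.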
Setting Users for Email or Text (Contact Record)
To add or update the contact details used for a user's two-factor codes, open the user's CharityEngine contact record.
Step 1: Go to the Contacts App > Organization & People > Contacts.
Step 2: Open the user's email address or phone number.
Step 3a: If adding or editing a phone number, enter the phone number with type Mobile. Ensure Receive SMS is set to Yes and Preferred SMS is set to Yes. Click SAVE to apply the change.
Step 3b: If adding or editing an email, enter the email address. Ensure Active is set to Yes, Receive Email is set to Yes and Preferred is set to Yes. Click SAVE to apply the change.