MFA Requirement for FE and RE

Roberta A. Gilbert
Roberta A. Gilbert
Eighth Anniversary Kudos 4 Financial Edge NXT Fall 2025 Product Update Briefing Badge Name Dropper
in SKY Developer General Discussions
  1. Does the new MFA requirement accept hardware authentication like a Yubikey? This is widely supported now, but unfortunately, I don't see Blackbaud on this list:
  1. I'd like to officially request this support ASAP. We have a mixed bag of people who use iPhones, Android, MacOS, Windows, and different devices at home vs work, etc. Not everyone is comfortable using business authentication on their personal devices. Being able to have a portable and encrypted hardware authenticator would be immensely useful here, especially if we already own one that we can add Blackbaud to. Also, SMS is generally unencrypted - not the best choice for authentication codes on financial software logins (despite banks continuing to do this, but then banks are often behind in security technology).
  2. 2nd question: The knowledgebase pages the MFA emails link to explain how to turn MFA OFF as well as how to use it. Will we be allowed to turn it off on a person by person basis, or is MFA going to be absolutely required as the email stated? (Maybe the KB pages need updating here.)

Thank you very much!

Comments

  • Faith Murray
    Faith Murray
    Tenth Anniversary Kudos 5 First Reply Name Dropper

    Absolutely agree with @Roberta A Gilbert on needing access to a hardware authentication option. Not all of our users are comfortable with using their personal (phone) devices for business authentication, which would be out of step with our existing user practices. (For example, we don't use our own personal computers when remoting into work - we use work-issued laptops, to avoid security vulnerabilities.)

    In a system like RE where fundraisers use the software on the road, you can't be restricted to a business landline for your two-factor authentication. Blackbaud's new requirement, therefore, requires users to register their personal cellphone numbers, which seems unacceptable.

    Our bank provides us with a fob specific to our user and which requires an additional PIN number to access. Can BB provide us with the option to implement fobs?

  • Heather MacKenzie
    Heather MacKenzie
    Tenth Anniversary Kudos 5 August 2025 Monthly Challenge Badge bbcon 2025 Attendee Badge

    I asked, earlier this week, and BB is not yet supporting a hardware auth process. I have an idea already in the idea bank. You can go vote for it.

  • Heather MacKenzie
    Heather MacKenzie
    Tenth Anniversary Kudos 5 August 2025 Monthly Challenge Badge bbcon 2025 Attendee Badge
  • Heather MacKenzie
    Heather MacKenzie
    Tenth Anniversary Kudos 5 August 2025 Monthly Challenge Badge bbcon 2025 Attendee Badge

    I have troubles linking to a specific idea rather than the main Ideas Bank page, so I'll add that it's idea “number” RENXT-I-5096 and titled “Enable Multi Factor Authentication on a hardware security device in addition to mobile usage.”

  • Dan Snyder
    Dan Snyder Community All-Star
    Tenth Anniversary Kudos 5 bbcon 2025 Attendee Badge PowerUp Challenge: Product Update Briefing Feedback Task 3

    Heather MacKenzie:

    I have troubles linking to a specific idea rather than the main Ideas Bank page, so I'll add that it's idea “number” RENXT-I-5096 and titled “Enable Multi Factor Authentication on a hardware security device in addition to mobile usage.”

    Here is the link and it did take a bit of work to copy so it went directly there:

  • Michael Panagos
    Michael Panagos
    Tenth Anniversary Kudos 2 Name Dropper Facilitator 1

    I agree this is a needed option. Our solution right now is to connect Blackbaud to a Single Sign-On provider like Microsoft, Google, Okta, etc. which support Yubikeys.

  • John Vogel
    John Vogel
    Fifth Anniversary Kudos 1 Name Dropper Participant

    Hi @Roberta A Gilbert, similar to @Michael Panagos noted in this thread, the solution to have control over your organization's security is to establish an SSO connection between your Identity Provider and Blackbaud.

    Please note that any users signing in with SSO will not be impacted by the MFA enforcement.

  • Deb Dressely
    Deb Dressely
    Tenth Anniversary Kudos 3 Name Dropper Participant

    @Roberta A Gilbert Unfortunately, there is no option to turn it off. We have users who can't get on and establishing an SSO connection isn't a 10 minute process. So I guess if users can't access RE it must be more secure!

  • John Vogel
    John Vogel
    Fifth Anniversary Kudos 1 Name Dropper Participant

    @Roberta A Gilbert I wanted to give you an update that I've personally verified Yubikeys do work with Blackbaud ID MFA. You can read about it in the Enable MFA with a hardware token and authenticator app (no mobile phone required) section we've added to:

  • Roberta A. Gilbert
    Roberta A. Gilbert
    Eighth Anniversary Kudos 4 Financial Edge NXT Fall 2025 Product Update Briefing Badge Name Dropper

    @John Vogel

    Thank you so much for replying and updating the online docs! This is great news, much appreciated!

    For those considering buying a hardware security key, Yubico offers a 20% educational discount on 2 or more keys to anyone teaching/working at a school. The offer is good through 12-31-22. They have other program discounts too. Thanks again!

  • Faith Murray
    Faith Murray
    Tenth Anniversary Kudos 5 First Reply Name Dropper

    @John Vogel

    I found the answer to my previous question, so re-posing a new one. ? Can a Yubikey key work with a Last Pass account on a PC for the purposes of logging into Blackbaud?

Categories