MFA support

Roberta A. Gilbert · May 2022

Although we have our domain registered through Google, we have a mixed bag of people who use iPhones, Android, different devices at home vs work, etc. Also, SMS is notoriously not secure - it's generally unencrypted and is not the best choice for authentication codes on financial software logins. Does the new MFA requirement accept hardware authentication like a Yubikey? If not, I'd like to request this immediately.
2nd question: The knowledgebase pages the MFA emails link to explain how to turn MFA OFF as well as how to use it. Will we be allowed to turn it off on a person by person basis, or is MFA going to be absolutely required as the email stated?

Kristy Soular · May 2022

When I set up MFA for NXT, I chose the (Microsoft Authenticator) app option which our company already utilizes for Office 365. If your staff wants to use their phones, I would suggest this option through Blackbaud for MFA to avoid SMS. It's different than Office in that the app produces a code you need to input on Blackbaud at sign in the first time from a new device instead of just hitting approve.

Christina Imbriani · May 2022

Hi @Roberta A Gilbert, passing along some Resources we have put together for MFA updates.

Here is a link to a KB article on setting up MFA: https://kb.blackbaud.com/knowledgebase/Article/199213

Here is a link to Blackbaud docs: https://docs.blackbaud.com/bbid-docs/get-started/multi-factor-auth

We hosted a live Customer Success Session on MFA, yesterday, 5/25/22. Here is link to the on-demand recording of that: https://event.on24.com/wcc/r/3797866/79DCBE301933D13498CCF9703E86CC7B

MFA (multi-factor authentication) resources are evolving as we continue to gain feedback from Customers. Let us know if there is anything other questions we can help with.

John Vogel · May 2022

Hi @Roberta A Gilbert, the solution to have control over your organization's security is to establish an SSO connection between your Identity Provider and Blackbaud. Please note that any users signing in with SSO will not be impacted by the MFA enforcement.

When MFA is enforced a user does not have the option to turn it off. When MFA is not enforced then each user is able to turn it on and off as they please.

Roberta A. Gilbert · July 2022

@Christina Imbriani:
Hi @Roberta A Gilbert, passing along some Resources we have put together for MFA updates.
Here is a link to a KB article on setting up MFA: https://kb.blackbaud.com/knowledgebase/Article/199213
Here is a link to Blackbaud docs: https://docs.blackbaud.com/bbid-docs/get-started/multi-factor-auth
We hosted a live Customer Success Session on MFA, yesterday, 5/25/22. Here is link to the on-demand recording of that: https://event.on24.com/wcc/r/3797866/79DCBE301933D13498CCF9703E86CC7B
MFA (multi-factor authentication) resources are evolving as we continue to gain feedback from Customers. Let us know if there is anything other questions we can help with.

Thanks, @Christina Imbriani! Since I wrote that post, it looks like Blackbaud has updated their Blackbaud ID MFA intructions, and now they specifically say hardware authentication is supported!

Specifically on this page,

under Enable MFA with a hardware token and authenticator app (no mobile phone required), “To set up MFA without using a mobile phone, follow the steps in the previous section to enable MFA through a mobile authenticator and leverage an authenticator app that pairs with a hardware token. For example, you can leverage hardware such as a Yubikey and the Yubico Authenticator app. For details on how to set up a Yubikey to work with Yubico Authenticator, see Using Your YubiKey with Authenticator Codes. ”

Thank you for listening, Blackbaud!

MFA support

Comments

Categories