Multi-Factor Authentication (MFA) - Implementation Guide for Managers

Once the school/trust/college have decided to implement MFA then a plan needs to be developed to communicate with users and to assist with getting them on board. Here is a simple approach that you can modify to suit your own situation.

  1. Create a GVO Discussion (either open to all users or to a pilot group) explaining the reason for implementing MFA and what it means for users along with the timescale for the change. This discussion can act as a place where users can add comments/questions about the change.

    The discussion could contain text as follow...
    ________________________________________________________________
    In order to increase security of the information stored in GVO we have taken the decision to implement Multi-Factor Authentication (MFA). This will mean when logging in you will use your existing email address and password but will need an additional six digit code from an Authenticator. Please do not panic - it is easier than it sounds and you will not need to do this every time you login if you are using a 'trusted device'.  You may also know this as 'two-factor authentication' and be familiar with it from other platforms and services you use.

    This change will take place over the next few months with a target that everyone is using MFA by the start of the next academic year. The change will be managed in phases...

    Phase 1 - MFA will be 'Optional'. You set up MFA from your user profile if you want to and at a time to suit.
    Phase 2 - MFA will be 'Suggested'. Every time you login you will be offered the chance to register for MFA but there will be an option not to.
    Phase 3 - MFA will be 'Mandatory'. You will not be able to login without registering for MFA.

    To set up MFA you will require an 'Authenticator' App set up on your smart-device (phone/tablet) - you may already use one of these for other systems but if not there are several available via your App Store - Google Authenticator, Microsoft Authenticator, Authy etc.

    If you do not have a smart device then MFA can be set up to send passcodes via email - please speak to your local GVO Manager.

    Help about MFA is here - MULTI-FACTOR AUTHENTICATION HELP
     ______________________________________________________________
     
  2. Go to the Settings area and set up MFA as 'Optional'.
     
  3. After a period of time change the setting to 'Suggested'
     
  4. Finally set the MFA setting to 'Mandatory'


You will want to monitor the progress with users registering for MFA in Phase 1 (Optional) and Phase 2 (Suggested) - this can be done using the User Reporting feature (visit Users, Boards and Reporting and select the User Reporting Tab - there is a column in the report that will show the MFA status of each user (none, App or email).

The actual wording and timescales can be decided locally - if you need assistance please call the GVO Support Team on 01273 92066

Full Help about MFA here - MULTI-FACTOR AUTHENTICATION HELP