Two-Factor Authentication

Two-Factor Authentication refers to a security setting that adds a second factor to staff logging in with a username and password. This relies on staff to receive a code outside of ALIS and type it into the login screen in addition to their password.

• This secondary security factor can be one of three things: Email or SMS authentication, or Authentication App.
• All three options will generate a one-time expiring code that staff are required to type on their login page in order to login to ALIS.
• This is in addition to the primary authentication of their username and password.
• The type of authentication is set for an entire community. It is not possible to set some types for some users and another type for others.

Types of Authentication: Email, SMS, or Authentication App

Staff Login Experience

Setup in ALIS

Types of Authentication: Email, SMS, or Authentication App

1. Email This requires everyone to check their email for a code to login to ALIS. This does not have to be an email address set anywhere within ALIS on their staff profile.
2. SMS This requires everyone to check their mobile phone text messages for a code to login to ALIS. This does not have to be a phone number set anywhere within ALIS on their staff profile.
3. Authentication App This is the most secure option, but is likely an unknown method some staff. This requires that staff download an (often very light) app onto their “smart” mobile device that has a camera. They will open the app each time they are required login with the authentication code. (They will only need to use the camera the first time.)
   • Any type of phone can download one of many apps available in the phone’s app store.
   • Once you are in the app store on the phone, search ‘authenticator app’. Two that are most simple and recommended are Microsoft Authenticator and Google Authenticator.
   • Once you download one of the apps to the phone, you can follow the steps below to get started!

Staff Login Experience

1. First they must type in their username and password and verify their second factor.
   • If this is email or SMS, they simply type the email or phone number that they will use going forward to receive their authentication code. Once you type it and click Verify,  check the email inbox or phone that received the email or message for the code. Type the code into the ALIS login screen. This will also require them to type their password again.
   • If the second factor is an authentication app, open the app on the phone.
     • In the app on the phone, choose the option to scan a QR code.
     • This opens the camera on the phone, and you simply hold up the phone to your ALIS login screen to focus on the QR code. The code looks like this:
     • You do not even have to click the camera’s shutter. Once the phone recognizes the code, the camera will close and you will receive your numerical code on another screen within the phone app under a heading that says ALIS.
     • Click the Verify button on your ALIS login page and type the code displaying in the phone’s app. This code will refresh after a certain amount of time, so it is ideal to type the code immediately once it displays on the phone. 
     • For subsequent logins, the user will not have to take a picture of the QR code again. They simply open the app on the phone to find the numerical code to type in the ALIS login page.
2. Once you have completed the above step, future logins will only require the username, password, and code. ALIS will remember the place they received the code initially, so staff must maintain access to the inbox, phone, or app where they can check for a new code each time it is required.
   • If they need to reset the email, phone, or app where receive their code, an administrator can Reset this in the Login & Access section of their staff profile. Then staff can  complete the verification step again the next time they login to ALIS.

Setup in ALIS

1. This feature must first be turned on by the ALIS team. Contact your onboarding manager or the ALIS Support team to turn it on for your organization.
2. In Community Settings, we turn this on and configure a few details for each community.
   • Go to Settings > Community.
   • Verify the community you wish to set up in the top right menu.
   • In the General tab, find in the General Configuration section ‘Two Factor Authentication’. Click the On switch.
   • Scroll to the bottom of the page and find the Two-Factor Authentication section. Here we have two settings: the second factor type, and the frequency with which staff will need to verify their login using the second factor.
     • Refer above for details about the three types of authentication factors.
     • The Challenge Frequency menu gives these options: Every Login, Daily, Weekly, and Quarterly. If you select the more frequent options, ALIS is more secure from username and password breaches, but your team faces a more frequent barrier to logging in.
3. Your selections are automatically enabled for all staff profiles within the community. You can disable the second factor for specific staff profiles. Simply switch the option to Disabled in the Login & Access section of their staff profile.
4. All set! Please contact ALIS Support for troubleshooting your team has trouble logging in with their second factor code.