This is an optional feature!
The "2FA" feature described in this article is optional and not enabled by default. To enable this feature in your system, follow the instructions below.
"Two-factor authentication" (also known as 2FA, or MFA for multi-factor authentication) is a security method that requires two forms of identification in order for a potential user to log into the system. Catapult LMS has released an optional 2FA feature that Admin-level users can activate if they want to ensure a higher level of security for their users.
Catapult's implementation of 2FA uses SMS text messaging specifically, with a backup email option available for Admin users at their discretion.
It is important to note that once 2FA is enabled for your account, all users will need to authenticate via 2FA going forward. Authentication cannot be limited to specific user types, and no other kind of exceptions (individual or otherwise) can be made.
2FA involves additional costs!
The "2FA" feature involves additional costs for your organisation. If you'd like further information on this, please send an email to support@catapult-elearning.com.
Setting up 2FA for your Catapult LMS account
Any Admin-level user can enable (or, later on, remove) the 2FA functionality for your Catapult account by following the steps below.
First, click Administration > Organisation settings via the top menu bar, and then click on the Edit link for your organisation.
Next, select Preferences & Security Settings on the side navigation menu, and then enable the Enable 2FA option in the Security Settings panel. Be sure to click Edit to unlock the page, and then click Save when you're done!
After enabling 2FA, the next time that anyone attempts to log into Catapult LMS, they will be required to authenticate via SMS going forward.
If you later decide to deactivate 2FA, you can do so by following the steps above and unticking the "Enable 2FA" checkbox, but note that some data fields cannot be removed from your system view after deactivating 2FA.
Important note: if you decide to activate 2FA for your Catapult system, you may want to consider including some relevant information in the welcome email that is automatically sent to students when their user account is created. If you'd like to do this, please send an email to support@catapult-elearning.com - we can help you to apply changes to a number of automated email notifications that are sent out by the system.
Setting up 2FA as a user
If a user attempts to access Catapult LMS for an account that has 2FA enabled and they haven't configured 2FA yet, they will need to do so before they can proceed. After providing their username and password, they will be shown a page asking them to provide a phone number.
After the user has entered their phone number and verified that it's correct, they'll be able to request a one-time code be sent to them via text.
The user will receive a text from "LMSTraining", and they'll be provided with a six-digit code. They'll need to provide this number and then click Verify code to proceed.
Doing this will link their phone number to their Catapult profile and ensure that only someone who has access to both their password and their phone will be able to log in as them going forward.
Using 2FA as an ongoing user
Once 2FA has been configured for a user as per the above, they'll need to enter a code that is sent to their mobile phone when their initial username + password entry is accepted.
Note that if a user enters an incorrect code three times in a row, their profile will be locked for one hour. During this time, they will not be able to log in (unless an Admin unlocks their account, more on this below).
Users can also click the Resend Code button to have a new code sent to them (in case they didn't receive it). Note that users can only click the Resend Code button five times before this option disappears (at which point they'll need to use one of the codes that was sent to them previously).
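The lockout and resend limits described above can be modelled as a small state machine. This is an added example, not Catapult's code: the class and method names are hypothetical, and it assumes that every code already sent stays valid until one is used and that a successful login clears them.

```python
import hmac
import secrets
from dataclasses import dataclass, field

MAX_FAILED = 3            # page: three incorrect codes in a row
LOCK_SECONDS = 60 * 60    # page: profile is locked for one hour
MAX_RESENDS = 5           # page: Resend Code works five times

@dataclass
class TwoFactorState:
    """Hypothetical per-user model of the policy; not Catapult's implementation."""
    issued: list = field(default_factory=list)
    failed_in_a_row: int = 0
    resends_used: int = 0
    locked_until: float = 0.0

    def send_code(self) -> str:
        code = f"{secrets.randbelow(10**6):06d}"   # six digits from a CSPRNG
        self.issued.append(code)
        return code

    def resend_code(self):
        # Returns None once the resend allowance is spent (button disappears).
        if self.resends_used >= MAX_RESENDS:
            return None
        self.resends_used += 1
        return self.send_code()

    def verify(self, submitted: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"                        # even a correct code is refused
        # Assumption: any code sent so far is accepted. Compare in constant time.
        match = False
        for code in self.issued:
            match |= hmac.compare_digest(code.encode(), submitted.encode())
        if match:
            self.issued.clear()                    # assumption: codes are one-time
            self.failed_in_a_row = 0
            return "ok"
        self.failed_in_a_row += 1
        if self.failed_in_a_row >= MAX_FAILED:
            self.locked_until = now + LOCK_SECONDS
            self.failed_in_a_row = 0
            return "locked"
        return "invalid"

    def admin_unlock(self) -> None:
        """Admin clicks the lock icon: clears the lock, 2FA is still required."""
        self.locked_until = 0.0
        self.failed_in_a_row = 0
```

The `now` argument is a timestamp in seconds supplied by the caller, which keeps the one-hour lock testable without waiting.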
Supporting 2FA as an Admin
As the Admin user of a Catapult account using 2FA, you can see who has and has not configured their authentication by whether or not there is a green tick present under the 2FA column of any Users page.
As an Admin, you can also allow a user to log in using a code sent via email on a case-by-case basis (for example, if a student has lost their phone, you can send them a code via email instead). To do this, click the little key icon in the screenshot above - they'll receive an email that looks like the below example.
If a user's account has been locked because they've provided too many incorrect codes in a row, you will see a little lock icon to the right of the green tick. You can click this icon to unlock the user's account. Note that they will still need to log in using 2FA, so if they're having difficulty with their phone, you may wish to click the key icon to send them an email code as well.
To review the costs associated with your use of 2FA SMS in Catapult, you can click Administration on the top menu bar followed by 2FA SMS on the drop-down menu.
Frequently Asked Questions
Can I exclude certain specific users or roles from needing to use 2FA in my account?
No, this is an everybody-or-nobody feature. If 2FA is enabled for your account, all users will need to configure 2FA using their mobile phone going forward.
I've locked my account by providing too many incorrect 2FA codes. What should I do?
You can either wait an hour for the account to unlock naturally, or contact an Admin user in your account so that they can manually unlock your profile. Do not contact Catapult Technical Support for this - for security reasons, we are unable to unlock any profiles that have been locked by 2FA.
Can I deactivate 2FA at any time after activating it?
Yes, although note that some data fields (e.g. the "2FA" column) will not be removed from your organisation if 2FA is deactivated.
How does 2FA affect my organisation if we're accessing Catapult resources via LTI?
If you're using LTI integration to make Catapult resources available in an external system (such as Vasto, VETtrak, Moodle, etc.), then any users who access our resources via that system will not need to authenticate via 2FA, even if 2FA is enabled. This is because authentication happens as part of the LTI process, and we consider your external system of choice to be trustworthy.
Note that if you enable 2FA for your LTI-activated account and your Admins and/or Trainers choose to log into Catapult LMS directly, then they'll need to authenticate via their mobile phones.