Two Factor Authentication

Two Factor Authentication

Overview

To enhance the security of access to Compass at your school, you can enable Two Factor Authentication.  This will require your users to confirm their identity via email or SMS when logging in to your school's portal. 
Please note: If your portal has SAML/SSO enabled, a banner will display above the page to advise you that the Compass 2FA settings will not apply. All MFA settings should be applied in your SAML/SSO provider, and will automatically apply upon login to Compass.

Permissions

To enable/manage the Two Factor Authentication settings, you will need the permission Configure which will give access to the Security Settings page which is located in the Administration Tools menu (under the cog menu icon).

Please refer to our Permission article in the Knowledge Based for further details on assigning staff permissions.

Enabling Two Factor Authentication

To enable Two Factor Authentication (2FA) you will need to go to the cog menu icon in the top right of your Compass screen and click on Administration Tools.  Within this menu, click on Security Settings.

     



To enable for Staff, tick the associated box.

To enable for Students, tick the associated box.
You can enable the methods you want the 2FA codes to be delivered via.  You can also set the number of days before the user will be re-prompted for 2FA.

Click 'Save' at the bottom of the page to update your settings.

Email Domain Blacklist

Enter any email domain you wish to blacklist from receiving 2FA codes; this will prevent them from accessing the system should they attempt to log in.

     


     

Login when 2FA is enabled

When 2FA is enabled, the user will go to their standard Compass portal login screen and enter their username and password.  When they click 'Sign In' it will then prompt them that 2FA is enabled and they can then choose to have their Access Code issued via email or SMS. 

     



When they receive the Access Code, they can enter it click 'Sign In' to proceed with their login.

     



Please note, if a user only has either an email or an sms on file, the access code will be issued by default to the type they have on file.

    • Related Articles

    • Security

      Overview The safety and security of data within Compass is of the utmost importance. There are security measures in place to ensure that your user community is safeguarded against potential threats. Via the 'Security Settings' page, schools have ...
    • Authentication

      Overview The CompassLink service runs inside your school and allows your users to authenticate using your existing LDAP infrastructure (such as Active Directory or Open Directory). This removes the need for separate password management and accounts ...
    • CompassLink

      Overview Compass integrates with your school infrastructure using the CompassLink service. The CompassLink service communicates between LDAP infrastructure such as Active Directory or Open Directory, and School Information Systems such as Cases21, ...
    • PaperCut Integration

      Overview Compass now integrates directly with PaperCut using CompassLink. The previous method of integrating via the SUSSI Service is no longer supported. While most schools use CompassLink already for authentication with Compass, this article will ...
    • General Import - VIC Importing from CASES

      Overview Compass School Manager requires student, staff and parent information to be provided in a specific format (for a detailed guide download the Mapping Guide in the top right of this article). This document details how to setup ...