Two-Factor Authentication

Add a secondary security factor to your staff's login experience in ALIS.

Two-Factor Authentication Overview

Two-Factor Authentication refers to a security setting that requires a second factor to users' logins. With this security setting enabled, login to ALIS is dependent on staff typing a code received outside of ALIS into the login screen in addition to their password.

• This secondary security factor can be one of three things: Email or SMS authentication, or Authentication App.
• All three authentication options generate a one-time expiring code that staff are required to type on their login page in order to login to ALIS.
• This is in addition to the primary authentication of their username and password.
• The type of authentication is set for an entire community. It is not possible to set some types for some users and another type for others.

Types of Authentication: Email, SMS, or Authentication App

1. Email - This option requires users to check their email for a code to login to ALIS. This does not have to be an email address set anywhere within ALIS on their staff profile.
2. SMS - This option requires users to check their mobile phone text messages for a code to login to ALIS. This does not have to be a phone number set anywhere within ALIS on their staff profile.
3. Authentication App - This is the most secure option, but it is likely to need additional setup for some staff. This option requires that staff download an app onto their smart mobile device that has a camera. Once downloaded, staff will open the app each time they are required login with the authentication code. (They will only need to use the camera the first time.)
   • Any type of phone can download one of many apps available in the phone's app store. Navigate to the phone's the app store and search 'Authenticator App'. Two that are most simple and recommended are Microsoft Authenticator and Google Authenticator. Once you download one of the apps to the phone, follow the below steps to get started.

Set up Two-Factor Authentication in ALIS

This feature is behind an entitlement and must first be turned on by the ALIS team. Contact your administrator or our ALIS Customer Success Team to enable the entitlement. Once the entitlement is enabled, you must turn on Two-Factor Authentication and set the authentication type preference per community. You will then need to go to Settings > Community. 

1. In the General tab, move the Two Factor Authentication toggle to On.
2. This expands a Two-Factor Authentication section at the bottom of the page where you need to set the authentication preference type for all users at that community. Refer above for details about the three types of authentication factors, and move the toggle to your preferred method of authentication. Your selections are automatically enabled for all staff profiles within the community.

Disable Two-Factor Authentication for Staff

You have the ability to disable the Two-Factor Authentication for specific staff profiles that you do not want to require the extra authentication.

1. Go to the Staff Profile either from the All Staff page or by searching for their name in the top right Dashboard search bar.
2. Scroll down and click on the Login & Access blue bar. Toggle the option Two-Factor Authentication Status to Disabled.
   • When disabled, this individual will be able to login to ALIS without the authentication code.

Staff Login Experience

1. The first time you login to ALIS with the Two-Factor Authentication enabled, you will need to  verify your second factor. 
   • If this is email or SMS, you be prompted to type either the email or phone number to receive the authentication code. This is the email or SMS that will be used going forward. Once you type it and click Verify, check the email inbox or phone that received the email or message for the code. Type the code into the ALIS login screen. Then, type your password again.
     
     
     
     
   • If the second factor is an authentication app, open the app on the phone. In the app on the phone, choose the option to scan a QR code. This opens the camera on the phone, and you just need to hold up the phone to your ALIS login screen to focus on the QR code. The code looks like this:
     
     
     
     
     • Once the phone recognizes the code, the camera will close and you will receive your numerical code on another screen within the phone app under a heading that says ALIS. Click the Verify button on your ALIS login page and type the code displaying in the phone's app. This code will refresh after a certain amount of time, so it is ideal to type the code immediately once it displays on the phone. 
     • For subsequent logins, you will not have to take a picture of the QR code again. You simply open the app on the phone to find the numerical code to type in the ALIS login page.
2. Once you have verified your second factor, future logins will only require the username, password, and code. ALIS will remember the place the code was received from initially, so you must maintain access to the inbox, phone, or app where they can check for a new code each time it is required.
   • If you need to reset the email, phone, or app that is set up to receive the code, an administrator can Reset this in the Login & Access section of the staff profile. Then, staff can complete the verification step again the next time they login to ALIS.

Related Articles:

• ALIS Login Basics
• What should I do if I am unable to login?
• Login Lockdown by IP Address
• Single Sign-On (SSO)

For more assistance with Two-Factor Authentication,

Contact our ALIS Customer Success Team:

 888.404.ALIS (2547) or support@go-alis.com