Setting Up Veracross Two Factor Authentication (2FA)

 

These directions will walk you through the process of setting up 2FA with Veracross.  2FA allows for a more secure system and helps to protect our data from any breaches or attacks.  Moving forward you will be required to provide both your username and password, as well as an authentication code via which app you download.  We will not require you to use a specific app for this purpose, but will recommend one and provide details below for using that app.

 

Due to the ease of use, we are recommending that you use the Microsoft Authenticator app as the app of choice.  Again, this is not required, but recommended.  You can select any authenticator app of your choosing.  The following directions will show how to set up 2FA using the Microsoft Authenticator app.

 

You can read more about 2FA here: Multi-factor authentication

 

What  App do we recomend you use?

• Microsoft Authenticator

 

Once enabled, if you are currently logged in to Veracross, please log out of the system and return to the login page.

 

Multi-factor authentication (MFA) is a security feature that requires users to provide an additional form of authentication beyond username and password to log into an application.

 

While there are a variety of MFA options (security questions, biometrics, voice recognition, security keys, etc.), Veracross supports two methods of MFA:

1. Time-based One-Time Passcode (TOTP). By using TOTP, a six-digit code is generated by an authentication application, and is entered during the login process after the username and password screens. This form of MFA is widely supported by most authenticator apps, including Microsoft Authenticator, Authy, Duo, 1Password, LastPass, etc.

2. Email. By using email, a user is sent a single-use six-digit code to their primary email, which is then entered during login process after the username and password screens.

While we are offering both methods as options for you, we highly recommend using the Time-based One-Time Passcode using an Authenticator App as this is a much more secure way to process MFA.

 

The next time you login to Veracross, after entering your username and password you will be greeted with this screen:

 

 

If you choose the recommended method of setting up an Authenticator App, you can follow the directions below.  Directions for setting up Email are listed at the bottom.

AUTHENTICATOR APP:

 

1. On your mobile device, open your app store and search and install Microsoft Authenticator.

 

2. Login to Veracross with your username and password.

 

3. You will be presented with a secondary page that contains a QR code.  This code will be used to scan via the Microsoft Authenticator app.

 

Note:  DO NOT scan the QR code in this documentation (screenshot below).  You need to scan the code that pops up on your local machine after entering your username and password.

 

4. Open the Authentication app, and if this is your first time using the app, click on Agree.

 

5. Click the option to “Scan a QR code”

 

 

6. Once allowed, your camera should open in order to scan the code.  If it does not, click the button to Add account..

 

 

7. If presented with a pop-up indicating this will overwrite your current information, click the button to Continue.  If you are not taken directly to the code, click on the Authenticator option in the bottom left of the app.

8. This will automatically set up the Veracross 2FA within the Microsoft Authentication app and display the code you will need to now log in to Veracross.  These codes change every 30 seconds so make sure to type the code into the login window as quickly as you can and click the Verify button..

Save Code for 7 Days Option

 

9. After entering the code you will be asked to save a recovery code for any instance in which you need to access Veracross but do not have access to the code on your app via Microsoft Authenticator.  Write this code down (the one displayed on your machine and not the one below in the screenshot) for your reference and click Continue.  You will then be logged in to Veracross and can continue as normal.

 

 

Moving forward, any time you log out of Veracross and log back in, you will be required to enter a new 6-digit code from the Microsoft Authentication app.  This also includes anyone who may have access to any of our other portals, such as the Parent, Employee, or Admissions.

 

Note:  The recovery code above is used in any instance you do not have the authenticator app available and need to log in.  If you do not have access to the app and do not have your recovery code, you CANNOT log into the system.  If you are using the recovery code, please also include the dash/hyphen (-) in the code when entering or else it will not work.  Each time you use the recovery code it will reset to a new code, so please write down the new code any time you use it to log in.

 

EMAIL:

If you choose email, you will receive the email through your Shady Side Academy email and have 10 minutes to enter the code.  The process will look like the following:

 

Upon clicking the "Send Email..." button on the MFA option screen, the user will then receive an email from Veracross with a six-digit one-time verification code. The user must then enter that code into the Veracross screen.

 

3. At this point, whenever users log in, they will automatically be sent the six-digit one-time verification code to their primary email. 

Users may also choose the "Remember me for 7 days" option, which will store a cookie in their browser so the next time they log in, we can skip the MFA challenge step. The cookie will expire after 7 days. Their device location is also checked so that if they're logging in from another location (approximately 300 miles by IP geolocation), they will be asked for an MFA code regardless of their request to be remembered.