Multi-factor Authentication

While your email address and password help secure your Blackbaud ID, you can increase security with multi-factor authentication (MFA). MFA enables your Blackbaud ID to require a unique confirmation code — received on your personal device — in addition to your email address and password. You can receive confirmation codes:

  • Through a mobile authenticator or time-based, one-time password (TOTP) application

  • As text messages on your mobile phone (standard messaging rates apply)

Tip: Unlike with text messages, you can receive confirmation codes through a mobile authenticator when your device is off-line or has no cellular service. For more information, see Mobile Authenticators.

With this extra layer of security, someone with your password still needs the confirmation code to access sensitive data and account information through your Blackbaud ID. When you enable MFA, you receive:

  • A six-digit confirmation code — on your personal device — to further confirm your identity.

  • A 24-digit recovery code to use to access your account if you lose your mobile device or can't receive confirmation codes.

Keep in mind that, except for the solutions where Blackbaud enforces MFA, individual users decide whether to turn on MFA for their Blackbaud IDs. Admins do not control this decision. If admins need to enforce MFA for users, they must establish a single sign-on connection with Blackbaud using an identity provider and enforce MFA through that connection. See SSO Connection Summary.

  1. If necessary, download and install a mobile authenticator on your personal device. For more information, see Mobile Authenticators.

  2. On your profile, select the edit button for Multi-factor authentication and then select Turn on MFA.

  3. Select Mobile authenticator app (most secure) and then select Next.

  4. To confirm your Blackbaud ID, scan the quick response (QR) code or enter the 16-character code in your mobile authenticator.

  5. Within five minutes, enter the confirmation code that you receive on your device and then select Confirm.

    To not require a confirmation code on the same device and browser for 30 days, select Remember this browser.

  6. Save the recovery code to use if you lose your mobile device, and select Turn on multi-factor authentication.

To set up MFA without using a mobile phone, follow the steps in the previous section to enable MFA through a mobile authenticator and leverage an authenticator app that pairs with a hardware token. For example, you can leverage hardware such as a YubiKey and the Yubico Authenticator app. For details on how to set up a Yubikey to work with Yubico Authenticator, see Using Your YubiKey with Authenticator Codes.

  1. On your profile, select the edit button for Multi-factor authentication and then select Turn on MFA.

  2. Select SMS text messages and then select Next.

  3. Enter the phone number to receive confirmation codes, and select Next.

  4. Within five minutes, enter the confirmation code that you receive on your device and then select Next.

    To not require a confirmation code on the same device and browser for 30 days, select Remember this browser.

  5. Save the recovery code to use if you lose your mobile device, and select Turn on multi-factor authentication.

You can reset MFA to change the device where you receive confirmation codes or to change whether you receive the confirmation codes through a mobile authenticator app or SMS text messages.

  1. On your profile, select the edit button for Multi-factor authentication and then select Manage, Change setup.

  2. Select Change setup to reset your MFA settings.

  3. On the Blackbaud ID setup screen to enable MFA, set up MFA again by selecting whether to receive confirmation codes through a mobile authenticator app or text messages and then setting up and confirming the device that will receive confirmation codes.

To not require the confirmation code on a personal device you frequently use, select Remember this browser when you sign in with a code on that device. When you select this, your Blackbaud ID:

  • Recognizes the same device and browser for 30 days and won't ask for a confirmation code during that time.

  • Requires a confirmation code to confirm your identity on other devices and browsers, or in incognito or private sessions on the same device and browser.

Tip: For security, don't select Remember this browser on a public device used by others.

When you enable MFA, you get a 24-digit recovery code to use in case you lose your mobile device or can't receive text messages. If you lose this recovery code, you can request a new one.

  1. On your profile, select the edit button for Multi-factor authentication and then select Manage, New recovery code.

  2. To reset your recovery code, select Reset.

  3. Save the recovery code in a secure location, and select Close.

Your recovery phone number backs up your MFA recovery code and ensures that you are never locked out of your Blackbaud account. This option is only available if you authenticate through a mobile authenticator app.

You get your 24-digit recovery code when you set up MFA to access your Blackbaud account even if you can't receive MFA confirmation codes. But if you lose your recovery code, you can still be locked out of your account. By setting up a recovery phone number, you enable a backup method to confirm your identity so that you can access your account and re-configure MFA even if you don't have your recovery code.

If you authenticate through a mobile authenticator app, you are prompted to add a recovery phone number after you sign in. Enter the mobile phone number to use as a backup if you lose your recovery code and need to reset MFA. The recovery phone number then appears on your profile under Multi-factor authentication.

To edit your recovery phone number:

  1. On your profile, select the edit button for Multi-factor authentication.

  2. Under Recovery phone number, select Edit.

  3. On the page that appears, enter a mobile phone number that you can use as a backup if you lose your recovery code and select Continue.

If you can't receive MFA confirmation codes for any reason, such as when you change or lose the mobile device that receives the 6-digit codes, you can use your recovery code to access your Blackbaud account. If you don't have your recovery code and authenticate through a mobile authenticator app, you can use your recovery phone number to reset MFA instead.

To access your Blackbaud account with your recovery code:

  1. On the Blackbaud ID sign-in page, enter your email address and password, and select Sign in.

  2. On the page that prompts you for your 6-digit MFA confirmation code, select Need help?.

  3. To access the recovery code page, select I don't have access to my multi-factor authentication device.

  4. Enter your 24-digit recovery code and select Continue.

  5. Save the new recovery code, and select I saved my recovery code to confirm that you saved it. This new code replaces the one you just used.

  6. Select Sign in. Your Blackbaud account appears, and you can go to your profile to update MFA settings as necessary.

To reset MFA with your recovery phone number:

Tip: This option is only available if you authenticate through a mobile authenticator app.

  1. On the Blackbaud ID sign-in page, enter your email address and password, and select Sign in.

  2. On the page that prompts you for your 6-digit MFA confirmation code, select Need help?.

  3. Select Don't have your recovery code? A page to confirm your identity appears..

  4. On the first tab, enter the 6-digit code that was sent to your Blackbaud ID email address, and select Next.

  5. On the second tab, enter the 6-digit code that was texted to your recovery phone number, and select Next.

  6. On the third tab, select Set up MFA to reset MFA. Your Blackbaud account appears, and you can go to your profile to create a new recovery code and update your MFA settings as necessary.

You can disable multi-factor authentication to change settings or when you can't receive text messages.

If MFA is enabled but you don't have the option to disable it, then MFA is enforced for your account through single sign-on, and you can't disable it.

  1. On your profile, select the edit button for Multi-factor authentication and then select Manage, Disable.

  2. To confirm the action, select Disable

  3. Enter the confirmation code that you receive at your email address and then select Disable.

If you opt to increase security by enabling multi-factor authentication or use a solution where Blackbaud enforces MFA, you can review the MFA Frequently Asked Questions to find solutions for common issues.