Blackbaud ID (BBID): Multi-factor authentication (MFA)

Blackbaud requires faculty, admin, and staff users of Blackbaud Education Management® (BBEM) at all schools to use multi-factor authentication (MFA) on their Blackbaud ID (BBID) username and password, for increased security. These users have security roles with application, employee, or volunteer types.

Tip: Not sure which roles are application, employee, or volunteer types? View the list of security roles in Core and Filter the list based on the Column called Role type.

When MFA is enforced for a user's security role, they must authenticate with two or more verification factors, such as

  • a password and a code received via SMS text message

  • or a password and a code from a mobile authentication app.

Exemptions

Users whose only security roles are constituent or other types are exempt from BBID's MFA enforcement (such as students, alums, and non-administrative users). However, platform managers can configure their security roles to require those users to log in with multi-factor authentication (MFA) for increased security.

Users who login with single sign on (SSO) aren't prompted to use Blackbaud's MFA, even if the school enforces MFA for one of their roles.

However, they may be prompted to use MFA from the school's identity provider (IdP). For example if your school uses Azure Active Directory (AD) or Google G Suite, users may use MFA if Microsoft or Google are configured to require it.

Users who login with Sign in with Apple ID) aren't prompted to use Blackbaud's MFA, even if the school enforces MFA for one of their roles.

However, they may be prompted to use Apple's MFA.

See sign in with Apple.

Users who login with Sign in with Google) aren't prompted to use Blackbaud's MFA, even if the school enforces MFA for one of their roles.

However, they may be prompted to use Google's MFA.

See sign in with Google.

If your school chose to require MFA for a security role that's usually exempt (such as students and alums), then a platform manager can disable the MFA requirement for that role. See security roles for instructions.

  • When disabled, users in the affected roles may still prompted to login with MFA. However, after logging in, the user can go to their individual BBID profile to opt out of MFA.

  • Users who are already required to use MFA because they also use their BBID for other Blackbaud applications (such as Raiser’s Edge NXT) will still require MFA, regardless of their MFA settings for their roles in the school solution.

To learn more about MFA or Blackbaud ID (BBID), view the online help.