Multi-factor Authentication for Administrators

Multi-factor authentication (MFA) for administrators adds an extra layer of protection to your Luminate Online administrator accounts. This feature does not impact constituents.

What is MFA

Multi-Factor Authentication (MFA) adds an extra layer of security to administrator accounts. It requires two or more verification methods:

  • Knowledge: Something you know, such as a password.

  • Possession: Something you have, such as a code sent to a personal device.

  • Inherence: Something you are, such as facial recognition.

How MFA works in Luminate Online

After entering your username and password:

  • You’ll verify your identity using SMS text or an Authenticator App (e.g., Microsoft Authenticator, Google Authenticator).

  • Authenticator apps use Time-based One-Time Passwords (TOTP), which are more reliable when SMS is unavailable.

Tip: You must offer at least one MFA method. Both options require a one-time setup.

Enable MFA for administrators

  1. Go to Setup and select Site Options.

  2. Set MFA_WITH_TOTP_FEATURE to TRUE to allow authenticator apps.

  3. Save changes.

Warning: If you disable TOTP after administrators have set up an authenticator app, they will lose access unless SMS authentication is also set up and enabled.

Set up MFA with SMS

  1. Log in with your username and password.

  2. Enter your mobile number when prompted.

  3. Select Verify. A code will be sent via SMS.

  4. Enter the code to complete login.

Note: On private connections, you may not be prompted for a code for 30 days.

Tip: If you log in from a public connection, clear the This connection is private option and provide SMS authentication.

Change MFA phone number

  1. Go to Constituent360.

  2. Search and open the administrator’s record.

  3. Select Change MFA Phone.

  4. Enter the new number and country code.

  5. Select Update.

Set up MFA with an authenticator application

Tip: Enable MFA for administrators before setting up the authenticator application.

  1. Ensure the feature is enabled (see Enable MFA for administrators).

  2. Go to Constituent360 and open the administrator’s record.

  3. Select Configure Authenticator App.

  4. Generate a QR code or App Configuration Code.

  5. Scan the QR code or enter the code in your authenticator app.

  6. Confirm the code.

Note: Once authenticated, your IP address is added to the allow list for 30 days.

MFA Best Practices

  • Always keep your MFA method updated.

  • If disabling TOTP, ensure SMS is active to avoid login issues.