Configuration: Setting Up Multi-Factor Authentication
Authored by:
on 4/29/2025 8:18:00 AM

Introduction

Aligned with the PCI DSS 4.0 requirements, nonprofits must strengthen their cybersecurity measures, particularly by implementing Multi-Factor Authentication (MFA) across all systems that handle credit card data. This change addresses the increasing sophistication of cyberattacks and aims to improve donor data protection. CharityEngine's Two-Factor Authentication (Multi-Factor Authentication) setup helps organizations comply with these new standards.

Benefits of Multi-Factor Authentication

Implementing Multi-Factor Authentication provides several security advantages:

  1. Enhanced Security: Adds an extra layer beyond passwords, requiring a second authentication factor.

  2. Protection Against Password Theft: Even if a password is compromised, unauthorized access is prevented without the second factor.

  3. Mitigation of Unauthorized Access: Reduces the risk of unauthorized account access.

  4. Reduced Risk of Data Breaches: Limits potential data breaches by adding an authentication layer.

  5. Compliance: Meets regulatory standards like PCI DSS, GDPR, and HIPAA.

  6. Remote Access Security: Ensures secure access for remote users.


Setting Up Two-Factor Authentication in CharityEngine

Configuring Organizational Settings

  1. Access Authentication Settings:

    • Navigate to: Configuration App > Security > Authentication.

  2. Configure Inactive User Lockout:

    • Set the number of inactive days before a user is locked out.

    • Recommendation: 30 days or less.

Setting Up User Contact Information for Multi-Factor Authentication

  1. Access User Contact Record:

    • Go to: People App > Organization & People > Contact > locate the user's contact record and open it for management.

  2. Add or Update Phone Number:

    • Enter the mobile number.

    • Set Type = Mobile, 'Receive SMS' = Yes and 'Preferred SMS' = Yes.

    • Click Save.

  3. Note: If there is no mobile phone number on file, the code will be sent by email instead. The user then enters the emailed code to complete multi-factor authentication.

  4. Add or Update Email Address:

    • Enter the email address.

    • Ensure 'Active' = Yes, 'Receive Email' = Yes, and 'Preferred' = Yes.

    • Click 'Save'.


Multi-Factor Authentication in Action

Multi-Factor Authentication triggers a text message or an email every time a user logs into the account. If a mobile phone number is on file for the account, a text message is sent as soon as the user enters their username and password. Codes are sent to the user immediately.



Note: Each code can be entered only once. If you enter the code incorrectly, a new code must be sent and entered correctly before access to the system is granted. Please make sure you enter the code correctly, as too many failed attempts will lock the account.
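The behaviour described above (a code is single-use, a wrong entry invalidates it so a fresh one must be sent, and repeated failures lock the account) is what a server-side verifier has to enforce. The following is an added example written for this article, not CharityEngine's own code; the code length, the 5-minute validity window, the 5-attempt limit and the 15-minute lockout are assumptions, since the article does not state those values.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed policy values (not stated by the article).
CODE_LENGTH = 6
CODE_TTL_SECONDS = 300      # a code older than this is rejected as expired
MAX_ATTEMPTS = 5            # failed entries before the account locks
LOCKOUT_SECONDS = 900       # how long a locked account stays locked


@dataclass
class PendingCode:
    code: str
    issued_at: float


@dataclass
class AccountState:
    pending: Optional[PendingCode] = None
    failed_attempts: int = 0
    locked_until: float = 0.0


class MfaVerifier:
    """Tracks one outstanding single-use code per user plus lockout state."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now            # injectable clock so the logic can be tested
        self._accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self._accounts.setdefault(user, AccountState())

    def is_locked(self, user: str) -> bool:
        return self._now() < self._state(user).locked_until

    def issue_code(self, user: str) -> str:
        """Generate a fresh code; any earlier code for the user is discarded."""
        if self.is_locked(user):
            raise PermissionError("account is locked")
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        self._state(user).pending = PendingCode(code=code, issued_at=self._now())
        return code   # the caller delivers this by SMS or email

    def verify(self, user: str, submitted: str) -> str:
        """Return one of: ok, locked, no_code, expired, wrong."""
        st = self._state(user)
        now = self._now()
        if now < st.locked_until:
            return "locked"
        pending = st.pending
        if pending is None:
            return "no_code"        # nothing outstanding: a new code must be sent
        if now - pending.issued_at > CODE_TTL_SECONDS:
            st.pending = None
            return "expired"
        # Constant-time comparison so the check does not leak matching prefixes.
        if hmac.compare_digest(pending.code.encode(), str(submitted).encode()):
            st.pending = None       # single use: the code cannot be replayed
            st.failed_attempts = 0
            return "ok"
        # Wrong entry: the code is invalidated, so a fresh one has to be sent.
        st.pending = None
        st.failed_attempts += 1
        if st.failed_attempts >= MAX_ATTEMPTS:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failed_attempts = 0
            return "locked"
        return "wrong"


def demo() -> list:
    """Walk through the documented behaviour with a constructed clock."""
    clock = [1_000.0]
    v = MfaVerifier(now=lambda: clock[0])
    results = []
    code = v.issue_code("alice")
    results.append(v.verify("alice", code))        # ok
    results.append(v.verify("alice", code))        # no_code: already used
    code = v.issue_code("alice")
    clock[0] += CODE_TTL_SECONDS + 1
    results.append(v.verify("alice", code))        # expired
    return results


if __name__ == "__main__":
    print(demo())
```

The verifier keeps only one outstanding code per user and drops it on any outcome other than a fresh issue, which is exactly why a mistyped code cannot simply be retried. In a real deployment the account state would live in a shared store rather than a dictionary, and the lockout event should also be logged so that repeated lockouts on one account can be reviewed.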

By configuring Multi-Factor Authentication in CharityEngine, nonprofits can meet the enhanced security requirements of PCI DSS 4.0, thereby safeguarding donor information and maintaining compliance.

In summary, Multi-Factor Authentication is a crucial security measure that helps protect accounts and systems from unauthorized access, reduces the risk of data breaches, and enhances overall security posture. It's widely recommended for organizations to use Multi-Factor Authentication wherever possible to safeguard their online assets.


FAQs & Additional Materials

Q: Does this follow PCI compliance guidance?
A: Yes, multi-factor verification aligns with PCI guidelines. Learn more about the PCI DSS Version 4.0.1 changes in our Blog Post here: PCI 4.0: What Do Nonprofits Need to Know?

Q: What is the benefit of the Stay Logged In feature?
A: After entering the user name in the login flow, a user can select the Stay Logged In check box. Users who have not enabled the "Stay Signed-In" feature are automatically logged out after 20 minutes of inactivity. This measure helps protect the sensitive data you access. We extended the logout period based on valuable feedback from our users to balance security and convenience. Once the feature is activated, a user sees a Welcome back! screen to quickly sign back in using their credentials. Note that users will still be required to complete MFA after 24 hours.


