Admins currently don't have the tools to support their userbase with regards to Multifactor Authentication. Admins should be able to see whether a user has MFA enabled, their configured method of receive the MFA code, and their 24 digit recovery code. Especially at the launch of the MFA requirement for Altru, expecting every user's MFA issue to go through Blackbaud support hampers software admin's ability to support their users and potentially cuts off access to this mission critical tool until resolved.
I definitely agree with this as well. Having both been locked out with no real alternative, and struggled with reception, and having no support system in place for weekends/off hours (especially for frontline staff) seems like a misstep that could be resolved if this were to be put into effect.
Attachments Open full size
Also agree that there needs to be a better self service to resolve lockouts. I also have terrible cell reception in the building and have to run outside to get a code and run back in to enter it in time (I'm on the 4th floor so I have to go downstairs and exit then return)
Attachments Open full size
As an additional note regarding a way to do MFA without cell reception as we are in a building that frequently has horrible cell reception (this led to one of the lock outs today -- the staff member just wasn't receiving the code).
Attachments Open full size
I completely agree with this. Two of our staff members were locked out today and I was powerless to help them. They also cannot reach out to Blackbaud themselves (or on weekends) without being able to get into Altru.
There needs to be a way to also receive the 24 digit recovery code by means of a secondary email or another method.
There also needs to be a way to do MFA with landlines as our staff are not equipped with personal devices paid for by the business.
Attachments Open full size
Hi Mac - Thank you for this feedback. We are currently working to make recovery more self-service, but it will ultimately fall on the specific user to resolve, not on the Org Admin. For security purposes, we will not be allowing Org Admins to own their users' MFA settings or recovery.
Attachments Open full size