Multifactor Authentication Business Rule

There needs to be an org-wide business rule setting to set up Multifactor Authentication, rather than police each individual in our org.

  • Anna Zimmerman
  • May 6 2021
  • John Vogel commented
    July 13, 2021 16:23

    Hi Anna,


    Thank you for creating this idea! I have some good news for you too. Today you can enforce MFA on all users within your org by establishing a Single Sign On (SSO) connection with us. You will then have the ability to enforce MFA through your Identity Provider (IdP). The primary bonuses to this approach are:

    1. Increasing security by ensuring users are accessing all business applications (beyond Blackbaud) with a consistent form of authentication that meets your organization's security needs

    2. Reducing the number of accounts individuals have to keep track of to access the various applications used during the course of business. For example, using the same account to access your work email, cloud file storage, Blackbaud, etc.

    3. Centralizes user management within the IdP. This means when someone leaves the org, turning off their access to their IdP account effectively removes their access to all applications where they used that account to authenticate.


    For more details on SSO with Blackbaud please visit: https://docs.blackbaud.com/sso-overview-docs/


    Is this a good approach for your organization? If not, please let me know why and I'll review further. Ultimately, I want your organization to be as secure as possible, and that goes beyond the walls of Blackbaud, but if there's a need to only focus on Blackbaud, then I want to hear all about it.


    All the best,

    John



  • Devan Caton commented
    May 06, 2021 15:49

    Yes, this should be something that the organization can choose to enforce for all staff. Should be something you can enable in Admin, Config, something.