How to enable Two-Factor Authentication

This article explains how a user may enable Two-Factor Authentication for their XUNO log in. This will ask them to not only use their normal log in but to also authenticate via Google Authenticator or an authentication email.

Why use 2FA?

2FA (Two-Factor Authentication) is used to provide additional security for log ins. Not only does a user have to know the log in details, they must also have access to either the device in which Google Authenticator is linked to, or access to the email address to which the email address is being sent.

Different options

Authenticating via email: This option will send an email to the email address registered to the staff account. The email will contain a link that the user must click on, in order to log in

Authenticating via Google Authenticator: Google Authenticator is an app used by many companies to provide a secondary point of authentication for users. The user must have access to the device in which they have installed Google Authenticator in order to log in. Once setup, the app will give a unique number that can be used to log into XUNO. The unique number changes every minute, so a user must be able to open the app to get the new number each login.

Setting up 2FA

Decide which method to use

If using 2FA, decide whether to use Email or Google Authenticator. Some points to consider include:

  • If installing Google Authenticator on a phone or iPad, do you have access to this device when using XUNO? Eg if a student or a teacher, do you have access to the tablet/phone in the classroom? If you do not have access to the device in the classroom, it is recommended that email authentications is used
  • Is the email address used on the account accessible by more than one person and all people should be able to log into the same XUNO account? Use Email authentication
  • Is the email address used on the account accessible by more than one person, but only one person should be able to log into a particular XUNO account? Use Google Authenticator
  • Is the email address a school-based address eg it@school.com.au that will be used by someone else once the user leaves the school? If yes, email authentication is generally easier to use.
Set up 2FA
  • Email Authentication
    • Ensure Xuno is using the email address assigned to the user is the correct one to send the authentication email too. 
    • Update the address in the SIS system if it is incorrect.
    • In XUNO go to Options > My Preferences > Security
    • Tick Enable Email 2FA
    • Click OK at the pop up message
    • In Authenticate once every: select how often an authentication link is needed
  • Google Authenticator
    • Download Google Authenticator on the required device
      • Go to either Apple Store or Play Store
      • Search for Google Authenticator
      • Download and install the App. Note the next points may vary from device-to-device
      • In Google Authenticator click Begin Setup
      • Click Scan barcode
      • In Xuno go to Options > My Preferences > Security
      • Click Create new secret key.
      • Click OK
      • With the Google Authenticator app scan the QR code in Xuno. It should then show a 6 digit number in the app. If unable to scan the QR code, choose Manual entry instead and type in the key shown in Xuno.
      • In Xuno, click Enable Google Authenticator 2FA
      • ONLY if a 6 digit number appears in the Google Authenticator app, click on OK in XUNO.  If the Google Authenticator is not yet working, fix this before clicking OK.
      • Next to Authenticate once every: select how often it requires a new 6 digit number.

Log in using 2FA

Once 2FA is setup do the following to log in

  1. Go to the XUNO URL
  2. Enter log in information as per usual
  3. At the prompt, enter either the 6 digit Google number, or to click a link if your email. To get the 6 digit Google number, open Google authenticator and enter the number shown. Do not enter a previous number as this will no longer work.
  4. The log in process should then be successful.

How to disable 2FA

It is recommended that 2FA is disabled prior to getting a new device if using Google Authenticator. This will allow Google Authenticator to be setup on a new device.

Alternatively disable it, if 2FA is no longer wanted.

To disable 2FA
  1. Go to Options > My Preferences > Security
  2. If using Email authentication:
    1. Untick Enable Email 2FA
    2. Click OK
    3. Go to your email
    4. Click on the link to disable 2FA
  3. If using Google Authentications:
    1. Enter the 6 digit google Authenticator number (do not enter spaces)
    2. Click Disable Google Authenticator 2FA

FAQ

Can 2FA be used by parents and students?

Yes, 2FA is available for all users. It is a school decision whether to recommend the use of 2FA or not.

How do you disable 2FA if the usercan't access their 2FA link?

  1. Go to Options > Software Settings > User Accounts
  2. Either:
    1. Find the specific user and untick the 2FA Enabled box; OR
    2. Select all of the users for who need 2FA disabled
    3. Click on the arrow at the top of the selector columns
    4. Choose Disable user 2FA
    5. Click OK

What does E and G mean in the 2FA Enabled column in User Accounts?

E means the user has set up Email authentication

G means the user has setup Google authentication

Can you enable 2FA in bulk for all users?

No

Does 2FA apply to the staff and family app? If so, how do you get it working?

Still need help? Contact Us Contact Us