Security and XUNO login help
      Back to home
      1. Help Articles
      2. Security and XUNO login help

      What to do if you suspect a XUNO user account has been compromised

      This article is for XUNO Administrators in the event that they suspect a XUNO user account has been compromised.

      Note: These are general security recommendations only, and should always be used in conjunction with any school IT security policy or other measures required by your employer.

      Recommended actions if a XUNO user account is suspected to be compromised:

      If a XUNO Administrator account is compromised, please contact XUNO Support urgently.

      If the user is signing in using XUNO username and password:

      • Change the user's password. You can change any password for a user in XUNO at Options > Software Settings > User Accounts, by clicking on the key icon at the end of the row. XUNO passwords must contain at least 8 characters, including a capital letter, a numeral and a special character.
      • Reset the user's API key. This will log the user out of the XUNO Staff or Family app on all registered devices. This can be done using the following steps:
        1. Go to Options > Software Settings > User Accounts.
        2. Find the user in the Staff, Students or Parents table.
        3. Tick the Show API key checkbox and click the Show button.
        4. Click the keyhole icon to reset the user's API key.
      • Reset user 2FA (two-factor authentication) if enabled. To do this, untick the checkbox for the user in the 2FA enabled column at Options > Software Settings > User Accounts and confirm by clicking OK on the popup.

      If the user is signing in using Microsoft or Google Single Sign-On (SSO):

      • Reset Microsoft or Google 2FA.

      Check User Action log history for malicious activity, at Options > Help & Options > Troubleshoot & Maintenance by clicking the User Action text in the Logs cell.

      If a staff account has been compromised, this may be associated with more serious security breaches, for example in Attendance, Incidents, and Student or Confidential Notes areas. We suggest that you put your XUNO site into Maintenance mode, so that only Administrators will be able to access XUNO while you are investigating the security breach. To do this, follow these steps:

      • Go to Options > Software Settings > General Settings.
      • Scroll to the bottom of the page. Under Site Maintenance, tick the checkbox next to Maintenance Mode.
      • Click the Save button.