Create a list of authorized users and manage two factor authentication

Administrators can add two independent layers of security for local administrator accounts by creating a list of authorized users and then choosing from the following options:

  • Restrict Local Login only for Authorized Users – this option only allows users on the Authorized Users list to log in using the Brightspace Login page (that is, bypass using an identity provider workflow).

  • Enable 2FA for Authorized Users – This option enables 2FA for users on the Authorized Users list, without preventing other local accounts from logging in using the Brightspace Login page.

  • Restrict Local Login and enable 2FA for Authorized Users - this option is the combination of the available options.

 

To create a list of authorized users and to enable one of the three possible options:

  1. From the Admin tools menu, select, Local Authentication Security.
  2. From the Local Authentication for Authorized Users drop-down menu, select one of three options: Restrict Local Login only for Authorized Users, Enable 2FA for Authorized Users, or Restrict Local Login and enable 2FA for Authorized Users.
  3. Under Authorized Users > Add User > Username, type in existing usernames and click Add. The option you selected in the Local Authentication for Authorized Users drop-down menu above applies to all users in the list.

  4. To remove a user from the Authorized Users list, select the check box alongside the username, and click Remove.

  5. Click Save.

Notes:

  • Removing a user from the Authorized Users list that has set up 2FA for their account, disables 2FA for that user.

  • When you choose to restrict logins, and then click Save, a confirmation message appears prompting you to confirm the chosen settings before applying them.

Set up two factor authentication

If your account has been added to the allow list managed through the Local Authentication Security page in the Admin tools menu, you can optionally add two factor authentication to your local account as a further security measure.

  1. On the minibar, click your username.
  2. Click Account Settings.
  3. Under General Settings, click Enable Two Factor Authentication.
  4. Following the instructions on the Enable Two Factor Authentication pop-up window, install an Authenticator app on your mobile device.
  5. Add a new profile to your chosen Authenticator by scanning the QR code on the Enable Two Factor Authentication pop-up window or by entering your personal code.
  6. Follow the instructions in your Authenticator app to save your Brightspace Learning Environment code for future reference.
  7. When you have completed the setup process, log out of Brightspace Learning Environment and attempt to log back in. A prompt appears for your code.
  8. Enter your code and click Submit. You are logged into Brightspace Learning Environment.

Disable two factor authentication

An administrator with the permissions to modify users can disable a user's ability to set up two factor authentication.

  1. From the Admin tools menu, click Users. If two factor authentication (2FA) has been set up for a user account, a lock icon appears alongside the username .

  2. On the Users page, on the context menu for the user, whose ability to set up two factor authentication you want to revoke, select Edit User Information.

  3. On the User Info page > Two Factor Authentication, click Disable two factor authentication. A prompt appears requesting you to confirm that you want to disable two factor authentication for the user.

  4. Click Disable two factor authentication.

  5. Click Save.