Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Genesis SIS MFA Requirement & Setup

            Modified on Wed, Feb 11 at 1:45 PM

            Multi-Factor Authentication Requirement and User Setup

            CONTENTS


            New MFA Requirement for Sysadmin Accounts

            Security Announcement
            • Beginning March 2, 2026, all System Admin SIS accounts will be required to have MFA/SSO enabled in order to access Genesis SIS. Any of the following Genesis User account setups will allow System Admins to logon once the requirement is enabled:
            1. User has Authentication Type of "Single Sign on" or "Active Directory".
            2. User has an enabled MFA Provider from the Setup>Security>SingleSign-on and MFA screen set as MFA Provider.
            3. User has the "Force Google SSO" checked and has a Google Email Address on their account
            4. User has MFA Provider set to "Genesis" and has 'Require Genesis MFA on Account' checked off.
            • Once your System Admin accounts in Genesis have MFA/SSO enabled, we recommend turning on this new requirement ahead of the March 2 deadline. To do so, go to SETUP → SECURITY → POLICY and select “SysAdmins must have MFA/SSO set up on their SIS User account to log in.” Our team is available to support you with setup and answer any questions that come up.



            User Setup

            This document guides the user through completing the Genesis Two-Factor setup when the "Require Genesis MFA on Account" option is checked under System > Security > Search for User.


            A.  User Requirements:


            1. User must have Require Genesis MFA on Account enabled.


            2. A smartphone or browser with an Authenticator App (Google Authenticator, Microsoft Authenticator, or similar)


            B.  Logging into Genesis:


            1. Navigate to your district Genesis login page


            2. Enter your username and password.


            When "Require Genesis MFA on Account" is checked, the user will not be able to access any other tabs until MFA is set up. You will see the screen below.



            3. Click the Enable One Time Password Authentication button and user will be presented with the following screen:



            4. From here, the user can either manually type (paste) the Secret Key into an authenticator.  They may alternatively click the Show QR Code button and the presented QR code to auto setup.



            5. Once the authenticator is setup, user should click the Enable One Time Password button.



            6. Enter the 6 digit value from the authenticator into the prompt and click OK to test.


            7. You will be brought to "Security Settings and Preferences page.  Click Close User Options to complete the process.


            NOTE:  To mass apply the Require Genesis MFA on Account setting to users, you may do so using the Mass Update button found on the Setup > Security > Users screen.



            MFA Requirement FAQ

            1.  When will the requirement take effect for 'sysadmin' Genesis accounts?

            System Admin accounts will be required to login using MFA starting on March 2, 2026


            2.  When will the requirement take effect for all other users? 

            Not at this time. The requirement for non-system admin accounts is still to be determined.


            3.  Will this requirement include Parent and Student Portal accounts?

            No, there are no plans to enforce this requirement for Parents or Student accounts at this time.


            4.  Why is Genesis enforcing Multi-Factor Authentication?

            Enabling MFA significantly reduces the risk of unauthorized access and helps safeguard sensitive information such as payroll and personal details. To strengthen your data security, Genesis will be enforcing Multi-Factor Authentication (MFA) as a standard in our Student Information System (SIS).


            5.  Would having a Single-Sign-On or Active Directory in place be enough to satisfy the MFA Requirement?

            Yes. In general, users will be required to login through any type of authentication, other than the Username & Password method. If the user does not have any of those items in place, they will be required to login via the built-in Genesis MFA (see User Setup section above to read about this process).


            6.  Do we have to implement a 3rd party security system such as Microsoft Entra, Cisco Duo, or Okta? 

            No, Genesis has a built-in MFA in place that will satisfy the MFA Requirement. Note: See the User Setup section above for details on using the Genesis MFA.


            7.  Will Turnstile, or 'kiosk' users be impacted by this requirement?

            No, the Genesis MFA Requirement will not be enforced for logins which are only to check-in students daily. These accounts are typically used throughout the school day and do not represent actual staff members. These users must NOT be a 'sysadmin' account. Any super users (logins with the "sysadmin" access role) will still have the MFA requirement enforced, regardless of the purpose for the account.


            8.  Will the accounts that have the Allow URL Login still function properly? 

            Yes. The MFA requirement will not impact the ability to login using a URL. Click Here for more details on this feature.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0