Login Security Settings

Classic View: System Administration > User Security > User Preference Management > Login Security Settings

Search Term: Login Security Settings

The Login Security Settings are defaulted as opt-in (Send an alert when logging into a new device) and is ONLY available for staff users.

 The Login Security Settings tool allows you to control whether or not Staff users will receive login alert notification emails.

For more information about tracking notifications, see the Establishing Trusted Devices for Campus Login section of the Managing User Account Passwords article.

Image 1: Login Security Settings

Tool Rights

Only System Administrators should have access to the Login Security Settings tool.

Only users with a Student Information System (SIS) Product Security role are allowed to access and modify values in the Login Security Settings tool.

Disable Login Alert Notifications

To disable login notification emails, select the Do not send login alerts radio button (Image 2) and click the Save icon. Users will no longer receive an email each time their Campus account is accessed via a new or unrecognized device/computer.

Image 2: Turning Off Login Alert Notification Emails

Enable Login Alert Notifications

To enable login alert notification emails, select the Send an alert when logging into a new device radio button (Image 3). 

Login notifications will increase email traffic. It is important you have adequate email capacity when enabling and using login alert functionality.

Image 3: Turning On Login Alert Notification Emails

Once notifications are enabled, users will receive an email each time their Campus account is accessed via a new or unrecognized device or computer. The section below describes this process.

What Happens Once Alert Notifications are Enabled

Once the Send an alert when logging into a new device radio button is selected, users logging into Campus for the first time from a device will be required to enter an Account Security Email address (if one is not already present within Campus) and will be asked if they would like the device to be remembered for future logins (Image 4).

Image 4: Entering an Account Security Email and Remembering the Device

Once an email address is established, any time you log into Campus using a device that has not been used to login into Campus before or has not been designated as a device for Campus to remember will result in an email being sent to your Account Security Email address, alerting you that you (or someone) logged into Campus. Below is an example of the email you will receive (Image 5). 

In order for a device to be recognized for future logins, your browser MUST be set to allow cookies.

Having your browser set to automatically delete cookies will cause the device to not be recognized and force you to go through this process each time you log into Campus.

See the FAQ section below for more information about reducing the amount of notification emails that may be sent.

Image 5: Unknown Device Login Email Notification

Enable Login Alert Notifications with a Verification Code

To enable login alert notification emails, select the Send an alert and require a verification code when logging into a new device radio button (Image 6). 

Login and verification code notifications will increase email traffic. It is important you have adequate email capacity when enabling and using login alert and verification code functionality.

Image 6: Enabling Login Notifications with Verification Codes

Once the Send an alert and require a verification code when logging into a new device radio button is selected, users logging into Campus for the first time from a device will be required to enter an Account Security Email address (if one is not already present within Campus) and will be directed to a new screen where they will have to enter a verification code and decide if they would like the device to be remembered for future logins (Image 7). 

In order for a device to be recognized for future logins, your browser MUST be set to allow cookies.

Having your browser set to automatically delete cookies will cause the device to not be recognized and force you to go through this process each time you log into Campus.


Image 7: Entering an Account Security Email and Entering a Verification Code

Below is an example of the email that will be sent to your account. This email contains the 8-character verification code that must be entered in the box show above (Image 7). 

Image 8: Finding the Verification Code

Enter the 8-character verification code into the box shown below, decide if the device should be remembered for future logins by marking the Recognized this device in the future checkbox, and click Continue (Image 9). The device is now verified and you will no longer receive notification emails when logging into Campus using this device.

Image 9: Entering a Verification Code

Enable Device-Based Two-Factor Authentication

As an increased layer of protection for Infinite Campus accounts, user accounts can be enabled with device-based two-factor authentication functionality. When enabled, users are provided a unique QR code and Text Code which requires them authenticate their account using a device and an authenticator application (such as Google Authenticator, Authy, LastPass, etc). 

This functionality only applies to non-Campus Portal accounts. 

BIE Users: This functionality is enabled by default and cannot be disabled. All non-Campus Portal accounts are required to register a device and use an authenticator app when logging into Infinite Campus. This process is described below.

To enable device-based two-factor authentication for all non-Campus Portal accounts, click the Send an alert and require verification token from an authentication application when logging into a new device radio button and select Save (Image 10). 

Image 10: Enabling Device-Based Two-Factor Authentication for All Non-Portal Accounts

Once enabled, the next time users attempt to log into Infinite Campus they will see a screen displaying a unique QR Code and Text Code. 

Using a device (such as cell phone), users must download an authenticator app (such as Google Authenticator, Authy, LastPass, etc) and use the app the scan the QR Code or enter the Text Code. This will register the device and tie it to their Campus account. 

Once they have scanned the QR Code or entered the Text Code in the authenticator app, the app will display a code. Enter the code from the authenticator app into the field on the Campus login screen, mark the Recognize this device in the the future checkbox, and click Continue (see image below). The user will be logged into Campus. 

Image 11: Registering a Device and Logging into Infinite Campus

In the future when logging into Campus, based on the frequency of when they need to authenticate (this is determined by the district's configuration), users will need to access their authenticator app on their registered device and enter the code displayed in the authenticator app into field on the Infinite Campus login screen. Users should mark the Recognize this device in the future checkbox and click Continue. If the code they entered is correct, they will be logged into Campus.

Image 12: Logging into Infinite Campus Using an Authentication Code

Enable Captcha Settings

Captcha Settings determine which captcha is used on the Campus login screen for users who have failed to properly log into Campus several times in a row. This feature prevents users from being locked out of their account after several failed login attempts and protects accounts from malicious bots and scripts.

The following captcha options are available:

Campus Captcha

Campus captcha displays a captcha with a randomly generated set of letters and numbers the user must enter in order to log into Campus.

Image 13: Enabling Campus Captcha

The image below is an example of the Campus captcha (Image 14).

Image 14: Example of the Campus Captcha

Google reCaptcha

The Google reCaptcha displays a checkbox the user must select and a series of pictures the user must select to prove it is a human and not a bot. 

Before you can enable Google reCaptcha, you must first go through a registration process with Google to acquire the Site Key and Secret Key and enter this data within Campus (Image 15).  

See the Google reCaptcha website for more information about registration.

Campus only supports reCaptcha V2. You must use this option when connecting Campus to reCaptcha functionality.

When registering for Google reCaptcha, enter the Domain by removing the http:// from the Campus site URL (for example, infinitecampus.org instead of http://infinitecampus.org). Do NOT enter the full URL. Failure to remove the http:// or https:// from the beginning of the URL will result in errors.

Image 15: Setting Google reCaptcha Settings

Once Google reCaptcha is enabled, a user who has unsuccessfully attempted to log into Campus several times in a row will be required to first mark a checkbox (Image 16).

Image 16: Confirming You are Not a Robot

Once the user has marked the checkbox, reCaptcha will validate the user's behavior and return success if it believes that the user is not a robot. 

A Security Preference slider on the reCaptcha Settings screen allows for adjusting the security preference of the reCAPTCHA from 'Easiest for users' to 'Most secure'. This will determine the types of challenges generated by the captcha (i.e., easiest only requiring the I'm Not a Robot checkbox to be checked). 

Depending on the reCaptcha security preference level, a popup may appear, asking the user to either select a series of squares or pictures based on specific question (Image 17) or listen to an audio challenge. 

The audio challenge option for Google reCaptcha does NOT work properly within Microsoft Explorer and Edge web browsers.

Image 17: Selecting Verification Images

Once the user has successfully selected the proper images, they will be redirected to the Campus login screen where they can proceed to log into Campus. 

If you experience any issues after setup, ensure the IP addresses that Google requires for reCAPTCHA functionality have been white-listed. Google maintains their list of IP addresses that must be whitelisted in order for reCAPTCHA functionality to work here:

https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki

FAQ

Below is a list of answers to questions that may arise when enabling account notifications and verification codes.

How Does Campus Remember a Device?

Once you login to Campus, a unique ID is generated and stored as a cookie within your browser. 

If you clear your browser cookies or do not mark the Have Infinite Campus remember this device/browser in the future checkbox, you will have to go through the Notification process each time you log into Campus.

What if I Clear My Cookies Each Time I Close My Browser?

Clearing your browser cookies will remove the device from being remembered by the Campus notification process and will require you to go through the entering an email and setting up the device as a remembered device each and every time you log into Campus. 

To prevent having to repeat the notification process each time you log into Campus, it is highly recommended you do not set your browser to automatically delete cookies.

How Do I Minimize the Amount of Notification Emails?

You can minimize the amount of notification emails you receive by:

Will the Login as User Feature Result in a Notification Email?

Using the Login as User feature on the User Account tab will not send notification to the person you are logging in as. Login notifications only occur upon login via the Campus login screen. 

How Do I Reset a User's Account Security Email Address? 

If a user has accidentally entered an incorrect Account Security Email and thus cannot access the verification code email, you can reset the user's email address by going to System Administration > User Security > Users > User Account and clicking the Reset Account Settings button (see image below). Once selected. the user will be forced to go through the initial Account Security Email login process again.

Why Can't I Get reCaptcha to Work? 

If you experience any issues after connecting Campus to reCaptcha, ensure the IP addresses that Google requires for reCAPTCHA functionality have been white-listed. Google maintains their list of IP addresses that must be whitelisted in order for reCAPTCHA functionality to work here:

https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki

two-factor authentication two factor authentication v two-factor authentication two factor authentication two-factor authentication two factor authentication two-factor authentication two factor authentication two-factor authentication two factor authentication two-factor authentication two factor authentication

Feedback