Multi-Factor Authentication (MFA): The NCEdCloud IAM Service

In today’s digital landscape, where cyber threats are constantly evolving, ensuring the security of online accounts and sensitive data is of paramount importance. The North Carolina Department of Public Instruction recognizes this challenge and has implemented robust security measures within the NCEdCloud Integrated Access Management (IAM) Service, including the deployment of Multi-Factor Authentication (MFA).


Multi-Factor Authentication, also known as Two-Factor Authentication (2FA), is a security process that requires users to provide two or more forms of identification to verify their identity before gaining access to an account or system. This additional layer of security helps prevent unauthorized access, even if a user’s password is compromised, by requiring a second factor of authentication, such as a one-time code or biometric verification.

The NCEdCloud IAM Service offers three distinct approaches to implementing MFA, providing flexibility and tailored security measures to meet the diverse needs of users and organizations within the North Carolina education system.

MFA for Privileged Roles

The NCEdCloud IAM Service mandates the implementation of MFA for all users with privileged roles, such as LEA (Local Education Agency) Administrators, LEA Data Auditors, or Help Desk roles. These roles are associated with elevated access privileges and responsibilities, making it crucial to ensure the highest level of security and accountability.

NCEdCloud Login

By enforcing MFA for privileged roles, the NCEdCloud IAM Service mitigates the risk of unauthorized access to sensitive data and critical systems, even if a user’s credentials are compromised. This proactive approach to security safeguards the integrity of the educational ecosystem and protects the privacy of students, staff, and stakeholders.

PSU-Wide MFA Opt-In

Public School Units (PSUs) within the North Carolina education system have the option to “opt-in” to having MFA turned on for all of their staff members. This comprehensive approach not only enhances the overall security posture of the PSU but can also potentially reduce the cost of cybersecurity insurance in some cases.

By enabling MFA for all staff, PSUs can ensure that every account associated with their organization is protected by an additional layer of authentication. This proactive measure helps mitigate the risks associated with password compromises, phishing attacks, and other cyber threats, ultimately safeguarding sensitive data and ensuring business continuity.

Targeted MFA Implementation

In addition to the PSU-wide MFA opt-in, the NCEdCloud IAM Service also provides PSUs with the flexibility to require MFA for a specific subset of their staff members. This targeted approach allows PSUs to prioritize and implement MFA for high-risk roles or departments that handle sensitive information, such as Human Resources, Finance, or administrative staff with access to user records.

PSUs can upload a file containing the User Identifiers (UIDs) of the staff members for whom they wish to mandate MFA. This granular control over MFA implementation enables PSUs to balance security requirements with operational needs, ensuring that critical roles and data are adequately protected while minimizing potential disruptions to workflows.

Regardless of the chosen approach, the NCEdCloud IAM Service’s MFA implementation follows industry-standard security protocols and best practices. Users can leverage various authentication factors, such as one-time codes sent via SMS or email, mobile app-based authenticators, or hardware security keys, providing a range of options to suit individual preferences and organizational requirements.

By embracing Multi-Factor Authentication through the NCEdCloud IAM Service, the North Carolina Department of Public Instruction demonstrates its commitment to safeguarding the integrity and confidentiality of educational data and systems. This proactive approach to security not only protects against cyber threats but also instills confidence in students, staff, and stakeholders, ensuring that their sensitive information is handled with the utmost care and diligence.

As cyber threats continue to evolve, the NCEdCloud IAM Service’s MFA implementation will adapt and incorporate the latest security advancements, maintaining its position as a robust and reliable access management solution for the North Carolina education system. By prioritizing security and embracing innovative authentication methods, the NCEdCloud IAM Service paves the way for a secure and resilient digital learning environment.