top of page

Business System Two-Factor Authentication required by July 1st, 2024

Announcement: Business System Two-Factor Authentication required by July 1st, 2024

Vista Software will require all users of the Vista Iowa Business system to log in using two-factor authentication (“2FA”) by July 1st, 2024.   On July 1st, Vista will make 2FA a non-optional requirement for all Vista Iowa Business users.   Two-factor authentication to access Employee Self-Service will continue to be optional.   This new requirement only applies to the Business System login.


Why require 2FA?
The cybersecurity landscape is rife with threats that put your district’s data at risk should someone gain access to you or your users’ Vista Iowa login information.  An unfortunate reality is that cyberthieves continue to employ all manner of techniques for stealing credentials.  Two-factor authentication adds a second layer of protection, greatly reducing the chance that a hacker can gain access to Vista Iowa.  Business Office users of the Vista Iowa Business system have access to sensitive information, as do many of the supervisory staff who log in to view data and handle approvals.  More and more insurance companies are requiring multi-factor authentication be employed for them to indemnify for Cyber Insurance. 

How it works
When Two-Factor Authentication is enabled for a given user, that user will, upon signing into Vista Iowa Business system, be sent a random code to the email address that is stored in their User Account.   An example of that email is shown below (Figure 1).   The random code will be valid for 10 minutes.   Users will type or copy/paste the authentication code into the screen that had notified them of the code having been sent to their email address.  (Figure 2)   If the users wish, they may click the “Remember this device” checkbox which will allow for subsequent sign-ins without having to receive and enter an authentication code.   (Note: the clearing of browser cookies and/or browser history will cause the device to not be remembered, thus requiring re-authentication).


How to prepare
For those clients who have not already instituted 2FA in the your district, you may want to communicate this forthcoming change to all parties affected.  There will be a notification message on the login screen of Vista Iowa explaining the change.  As this method relies on the email address in the User Account List, please consider verifying the email addresses on file for your staff, particularly if your school underwent a domain name change at some point in the past, or for those whose email address may have changed due to a name change.


Is email the only option?
At present, email is the only option for two-factor authentication within Vista Iowa Business software.  There will likely be a second option available late 2024 to receive the 2FA authentication code via Text Message.   Additional methods may be possible at a later date.

(figure 1)

2FA Email.PNG

(figure 2)

2FA screen.PNG
bottom of page