Security

Updated: 5 October 2021

What is MFA? Multifactor Authentication (MFA) increases security by requiring more than just a password to log into a system or online application.

When is this happening? MFA for CLASS will be linked to Microsoft Cloud services, and we need all Centres ready to go before we can roll out these changes. We have put together some information that will help you prepare your Centre for these changes.

Upcoming upgrades to CLASS rely on integrations with Azure (for login) and Microsoft 365 (for document management). Some work will need to be done at a Centre level to facilitate this. Unfortunately, this is a technical process and can be challenging. If you run into issues the Helpdesk is here to support you.

For the upcoming changes to the login process, the key tasks for all Centres are:

  1. Ensure the CLASS username matches the Azure Active Directory field User principal name, and that the matching Azure Active Directory Object ID is provided. Without this, CLASS will reject login attempts. See Step 3 here for instructions.
  2. Set up Multifactor Authentication (MFA) for Azure Active Directory. 

For Centres already using Microsoft 365, Azure Active Directory is already set up. You can confirm your Centre’s readiness by following the instructions here. Don’t forget to set up MFA. If you run into issues the Helpdesk is here to support you. 

For Centres that want to adopt Microsoft 365, the first step is registering as a not for profit using this link. After you have Microsoft 365 set up, you can confirm your Centre’s readiness as above. Don’t forget to set up MFA. If you run into issues the Helpdesk is here to support you.

For Centres that will not be using Microsoft 365, please set up an Azure Active Directory domain here. This will be the case for Centres using Google Workspace, and for Centres that do not use any cloud productivity/collaboration suites. Don’t forget to set up MFA. If you run into issues the Helpdesk is here to support you. 

Frequently asked questions

You will need to confirm that your Centre can use Microsoft authentication and follow the steps outlined above.

We are here to help

Please reach out to us if you’re yet to set up MFA by:

  • Simply booking a time to work one-on-one with our team here
  • Emailing us at the Helpdesk with any queries
  • Calling us on 1300 494 498 and we can help you set it up.

You won’t need to remember your VPN details or make sure they haven’t expired to get into CLASS from a location outside of your Centre. You'll only need one login for both Microsoft and CLASS. You also won’t need to update your Centre’s IP address to be able to access CLASS from the office if it has changed.

We’ve planned the rollout for November 2021. We need all Centres to follow the steps above to ensure you experience as little disruption as possible.

No. The log-in process and access controls are changing. But everything else remains the same in CLASS. 

We believe this is a great improvement to CLASS that further strengthens security, as well as making it easier for you to access our other services. Many large organisations and applications you already use have implemented MFA as an additional security measure – for example when you log into your online banking, you usually need to provide a phone number so you can receive an authorisation code to prove you’re you.

Work done at your Centre is very sensitive and we take securing this information very seriously. We’re bringing our systems into line with the Australian Signals Directorate’s Essential Eight Cyber Security Strategies.

Another great benefit of rolling out MFA is that you won’t need to use a VPN to access CLASS, so if you’re working remotely, there will be no extra step to sign on.

If you’re not currently using Microsoft 365, we would like to hear from you so we can address any concerns or questions you might have about this process.

If you have any feedback, please don’t hesitate to get in touch at [email protected]

We will be setting up an optional system within CLASS so you can restrict access to specific accounts. We can set this up for you and show you how to use it, and you'll be able to manage each individual user account as needed.

If you’re already on Microsoft’s Cloud services, you can get ahead of the process by following these simple steps.

Existing Security

  • Application – all data is stored on servers and backup servers in Australia. CLASS can also ONLY be accessed via dedicated IP addresses (whitelisting). This is managed by CLCs Australia and the developers.
  • Permissions and User Accounts – Permissions (roles) set what each User can see and do in CLASS. This is managed by Centre Admins and the Helpdesk.
  • User Security – every person who uses CLASS must maintain strong passwords and antivirus software, not share accounts, and log out of CLASS when not in use.

CLASS is a web-based, cloud application. Security is a primary focus for all Users and Administrators. There are multiple layers to CLASS security. Maintaining security is critical; Administrators act as gatekeepers for their users and permissions.

There are a number of external security and legal standards that centres must comply with:

  • The storage of data should comply with Australian Privacy Principles.
  • Data will be hosted securely, ideally in compliance with Australian Signals Directorate Cloud Services standards.
  • Hosting should comply with PII requirements of the sector.
  • Data should be hosted in Australia – to meet above standards, and for the purpose of lowering data transfer times.
  • Security and Data standards should be reviewed regularly (min 6 to 12 months) and reported to CEO / Board to ensure best possible compliance in the face of developments in the area of online security threats.

We will be proactively monitoring the progress of each Centre. We understand the magnitude of this change and we will be evaluating our progress in the lead up to the deadline. If we can see any risk of someone missing out, we may choose to push things back further and we will communicate that as soon as the decision is made.

You can take the first step whenever you are ready by registering with Microsoft as a Nonprofit, which can take up to seven days to be approved. 

We have identified the Centres that do not use Microsoft 365 or a similar solution through a recent tech survey we conducted. We will be contacting these Centres to learn more about their infrastructure, provide guidance and help research solutions. You do not have to wait for us to contact you if you are raring to go!

You can get in touch with us on the Helpdesk by visiting our Portal or by emailing us on [email protected]