As an SCC Employee, you are required to use Desktop 2FA to access all college owned machines.  You will be required at login to provider your Password + Swipe Card or Password + One Time Password(OTP) Items Required: To enroll in Desktop 2FA, you will need the following items: NFC Card Reader plugged into Computer Cell Phone with Google Authenticator or compatible OTP App College Issued Swipe Card This guide will assume the use of the Google Authenticator application for all instructions. Follow your OTP App's instructions if using a different compatible application. For more information on why SCC Uses 2FA, and the differences between Desktop 2FA and Online Services 2FA, click here. Enrolling in Desktop 2FA - First Time Enrollment will only occur once per account. The first time an SCC Employee attempts to sign onto a machine, the Desktop 2FA Enrollment process will begin, courtesy of HID Digital Persona. Once enrolled, you will be able to use any SCC computer with Desktop 2FA.  IF YOU DO NOT SUCCESSFULLY ENROLL: If you do not successfully enroll when its prompts you, you will be unable to sign in to any SCC Device. It will require you to visit the IT Office so that we can manually enroll you in the process.  If you do not automatically receive the enrollment screen upon login, select the "First Time Using HID Persona?" Button that appears below the password box.  To begin, simply enter in your username and your password at the login screen. The HID Digital Persona registration process will then begin, prompting you to enter in your password once more (See Fig 1) Fig 1. Enter in your Password Swipe Card Enrollment Once you've entered in your password, you'll be presented with the Credential Manager screen, where you can add / change / and remove your enrollments. For now, you will want to select the center option, "Cards", to enroll your Swipe Card (See Fig 2) Fig 2. Select the "Cards" option in the center With no cards registered, you will see the "Enroll" button in the center of the screen. Select it (See Fig 3A). NOTE: If you do not have a card reader (Fig 3B) attached to your computer, you will be told to plug in the reader to continue the enrollment process (Fig 3C). If you do not have one, place an Equipment Service Request from the Help Desk portal to obtain one. Fig 3A - Select the "Enroll" Option Fig 3B - NFC Card Reader Fig 3C - Connect the Card Reader error When the program is ready, it will prompt you to place your Swipe Card on the Card Reader (Fig 4). Fig 4 - Place or Tap the card on Reader. Congratulations, your Swipe Card is now enrolled as a Desktop 2FA token. To give yourself more options, please continue on and enroll a One Time Password(OTP) by pressing the "Done" button in the bottom right hand corner. One-Time Password Enrollment At the main screen, select the "One-Time Password" option to begin enrollment.  Fig 5 - One-Time Password Enrollment The One-Time Password Enrollment screen will open with a QR Code already generated for you to scan with Google Authenticator (Fig 6).  Fig 6 - Scan the QR Code with the Google Authenticator App Scan the QR Code, which will generate an entry in Google authenticator named: Crossmatch: Altus: Enter the six digit code it generates in the "Verification Code from the phone" field (Fig 6). Click "Save". Congratulations, you have now enrolled an OTP for Desktop 2FA! Once you have finished enrollment, simply select the "X" in the upper right hand corner.  If you do not have an OTP or Card enrolled at this point, do not close the enrollment window. You will be unable to log in until you visit IT in Tillis 208.  Sign-in Options Now when you sign into a machine, you will see a clickable button called "Sign-in options". This will allow you to select a variety of different authentication methods (Fig 7) to use.  NOTE: SCC Only Accepts Passwords, OTP, and Contact Cards as acceptable forms of Sign-In. Fig 7 - Sign-in Options Lost Swipe Card If you ever lose your Swipe Card, please review this support article.  Lost One-Time Passwords If you have lost access to your One-Time Passwords, please review this support article.

What is Two Factor Authentication, aka 2FA? Two Factor Authentication, shortened typically to 2FA, is an additional layer of security to help secure your account.  You are likely used to a username + password combination, which is a single factor (Your password) authentication method. A second factor authentication provides another method of proving you own the account, such as the use of a one-time generated passcode or a hardware device that you plug into your machine. Why use 2FA? What makes Single Factor Authentication so vulnerable? Traditional single factor authentication, a password, is vulnerable because that password needs to be stored on a server by the providing service in order to check it against what a user enters into the password field. This means a malicious actor can potentially steal hundreds to thousands of passwords at a time if they are able to breach a service's security.  Alternatively, if your password is intercepted while it's being checked by the service by a malicious actor, it gives that malicious actor control of your account, and any other account's that may use that same password.  2FA typically falls into one of three categories: A Knowledge Factor (Something you know, like a password or a PIN Code) A Possession Factor (Something you own, like an NFC Card or a One-Time Randomly Generated Passcode sent to your phone) A Biometric Factor (Face ID, Fingerprint, etc.) Single Authentication by password falls within the "knowledge factor". By combining that with a possession factor or biometric factor, you increase the strength of your account's security. So what is the Difference between Desktop 2FA and Online Services 2FA? Desktop 2FA Desktop 2FA at SCC protects your account by requiring 2FA to log in to a physical computer at SCC. This is required for all SCC Employees only.  You can login to any SCC Machine by use of a combination of a Password + Your Swipe Card, or via Password + One Time Passcode depending upon what you have registered.  These second factors are distinct and separate from Online Services 2FA. Click Here to Learn how to Enroll In Desktop 2FA Online Services 2FA Online Services 2FA is used to access any web based services provided by the college. This is protected by a combination of Password + One Time Passcode.  These One Time Passcodes are distinct and separate from the Desktop 2FA codes. 

Two Factor Authentication, also known as 2FA, is required for access for all employees to the Online Services Portal from any location. No Employee can access the portal without 2FA.  This enrollment process requires you to have the following: A Smart Phone with Google Authenticator App (Play Store for Android, Apple Store for iOS) A computer or other internet connected device for the initial enrollment NOTE: Please see the article about How do I transfer OTPs to a new Device? to learn how to transfer your OTPs when you get a new Smartphone.  Step 1 Navigate to the Online Services Portal page, available from the Faculty / Staff page. You must browse to this page on your computer or other device that does not have Google Authenticator.  Enter in your credentials for your SCC Account and press "Login" (Fig 1). The Online Services Portal will automatically enter "@salemcc.edu" for you if you do not add it yourself. Fig 1 - Enter in Your Credentials Step 2 Select the type of Smartphone Device you have (Fig 2). The most common two are either iPhone or Android. If you do not have a device that is compatible with any of the selections, please create a ticket with the Help Desk.  Fig 2 - Select your Phone Type Step 3 From your Smartphone, launch the "Google Authenticator" application. If you're prompted to setup for the first time, select "Scan a QR Code".  If this is not your first time using Google Authenticator, select the "+" icon in the lower right hand corner of the application, and select the "Scan a QR Code" option. Your phone may at this point prompt you to give permission for Google Authenticator to your device's camera, select "Allow".  Your device's camera will now open within the Google Authenticator app. Hold the camera up to your computer to scan the QR Code that was generated after you selected your phone type (See Fig 3) Fig 3 - Scan the QR Code with the Google Authenticator App Upon scanning the QR Code, an entry named "Salem Community College SSO" will appear, with a six digit code generating beneath it. These codes are generated every 30 seconds, as represented by a diminishing clock, and will no longer be valid once that time has expired. These codes are known as your "One Time Password", commonly referred to as an OTP. For ease of reading, these six digits are separated by a space. DO NOT enter the six digits with any spaces. You will need to enter the generated six digits into the "2nd Factor / One Time Passcode" and select "Continue". As long as you entered the six digit OTP before they expired, you should see the "Mobile Auth Enabled Successfully" screen (Fig 3A). Fig 3A - Mobile Auth Enabled Successfully Screen Logging In to Online Services Portal Having successfully completed the enrollment of your 2nd Factor Authentication, you will be returned back to the Online Services Portal to finish logging in. You will see the "Multi-Factor Login Required" Screen (Fig 4), where it will prompt you to enter in the One-Time Passcode. By this time it may be the same or a new generated code as in Step 3.  Simply refer back to your Smartphone device and enter in the latest code being generated, and select the "Login" button. You will now be logged into the Online Services Portal and have access to all applications within.  Fig 4 - Mutli-Factor Login Required Screen As a reminder, if you are planning on replacing your smart device, or have lost your device or uninstalled the Authenticator App, review the "Getting a New Phone / Lost Phone" article. If you have any issues with the enrollment process, please contact the Help Desk.  

Contact Public Safety If you have lost your Swipe Card, immediately reach out to the Public Safety team at 856-299-2100. Inform them of your name, position at the college, and the date upon which you lost your Swipe Card. The Public Safety team will begin the steps to issue you a new Swipe Card, which will culminate in you having to visit the college in-person to pick up. The Public Safety team will be able to give you an estimate of when you will be able to retrieve your new card. New Swipe Cards may not work with the door system for up to 24 hours after being issued.  Contact the Help Desk After having informed Public Safety of your lost swipe card, contact the Help Desk.  The Help Desk team will immediately un-enroll your lost swipe card from your account. This is a critical step that must be done to protect the college cyber-community. Please inform the Help Desk as soon as possible. If you have not enrolled for One-Time Passwords as another Desktop Authentication Factor, you will be unable to sign into any college machines.  If you do not have another Desktop Authentication Factor by your next work day, you will need to visit the Help Desk office located in Tillis 208. The Help Desk team will be able to grant you a temporary Desktop Authentication Card to allow you to log in for the day. This card must be returned at the end of the work day.  Once you have obtained your new Swipe Card, you will need to visit the Help Desk office located in Tillis 208. The Help Desk team will be able to assist you with enrolling the new card for Desktop 2FA.  For best results, please alert the Help Desk team the anticipated time you will be visiting the office, to ensure that someone will be there to assist.  NOTE: The temporary Desktop Authentication Card is not authorized to open any SCC doors. It is ONLY for use as a second factor authentication when logging into a college computer. 

If you have left your device which generates your One Time Passcodes at home, you may call the Help Desk at 856-351-2671. After verifying your information with the Help Desk team, they will be able to generate a 9 digit OTP to allow you to access the Online Services Portal. If the Online Services Portal times out and signs you out, you will need to contact the Help Desk for another OTP to be generated. 

Google Authenticator, by default, does not sync your OTPs (One Time Passwords) across to new devices. Instead, the OTPs are tied to the specific device they were registered with. This means, that if you were to purchase a new smartphone, that the Google Authenticator App will transfer over to the device, but the OTPs will not.  Google provides the ability to export your OTPs to facilitate transfer to new devices.  Note that these instructions are only for when you have access to both your old device and new device, assume you have your new device ready with your apps transferred over, and HAVE NOT wiped your old device.  For more information on how to transfer your apps, see your local network carrier for help. Step 1 On your old device, select the Menu Icon (☰) in the top left hand corner. Select the "Transfer Accounts" setting. It will open a new screen, allowing you to choose the option to Export or Import accounts.  Select "Export Accounts". You may be prompted for your fingerprint, face ID, or PIN number for your phone for security purposes. Enter in the desired method.  By default, the App will select all your OTPs for transfer. If, for any reason, there are codes you do not wish to transfer, simply de-select the check mark next to that name. When finished, select "Next".  Depending upon the amount of OTPs you have to transfer, there may be one or more QR Codes for you to scan. Once you reach this step, move on to Step 2.  Step 2 On your new device, open the Google Authenticator application. As in Step 1, select the Menu Icon (☰) in the top left hand corner, and select "Transfer Accounts". Select "Import Accounts". It will give you brief instructions similar to described in Step 1. Select the "Scan QR code" button in the bottom right hand corner.  Scan the QR Code(s) as prompted, clicking "Next" on your old device as needed if there are multiple QR Codes.  Step 3 Verify that the codes on both devices match, and they are generating the same set of codes for each entry.  Once you have verified that the codes have come over, it is safe to wipe or factory reset your old device and dispose of it in an appropriate manner. 

If you are attempting to send an e-mail to someone as an SCC Employee with an attachment, and regularly receive a bounce back email, it is likely the result of us blocking the file attachment.  One of the most common causes of a bounce back message is sending a Word Document in the older, vulnerable "*.doc" format. The .doc format was replaced in 2007 by the more secure "*.docx" format.  The older .doc format is routinely used to deliver malware and other undesirable applications, which is why it is blocked.  The easiest way is to save your document as the new .docx format, available in Microsoft Office 2007 and newer. Simply open the document, select "Save As" . Change the dropdown menu from "Word 97-2003 Document (*.doc)" to "Word Document (*.docx)".  Attach the new version to your email and it should now get delivered. Alternatively, you can save and send as a .PDF as well.  There are other file formats that are also prevented from being delivered to SCC. If you think you may have sent something that is blocked, have the person you are trying to send it to to Contact SCC's Help Desk to review the email and review what options they have for getting the email delivered. 

The Salem Community College Help Desk has two categories for Help Desk tickets, each with their own purpose: Incidents and Services. You will only see these options if you are signed in to the Help Desk system through the Online Services Portal.  What is an Incident? An incident is used for any request where something isn't behaving or working in the correct manner. On the Help Desk Portal, you may enter in an incident request by selecting "Report an Issue".  This will allow you to select an item for any sort of Incident, whether it be an Information Technology (IT) issue [Paper Jams, Login Issues, Email Issues, etc.], a Public Safety (PS) issue [Alarm Issues, Medical Issues, Incident Reports, etc.], Campus Operations (CO) issue [Facilities Issue], or other departmental issues.  Select in the "Issue related to" field to the department that best matches your issue. That will also limit you to options for tickets exclusively relative to that department.  What is a Service Request?  A service request is when you need something set up, or require a certain piece of equipment or other service, such as technician coverage for an event.  Service Requests are categorized by Department, and selecting that department will show you only Service Request options specific to that Department. What if what I require isn't a category? If your issue is an Incident, simply select the Information Technology department as the issue related to, and select the "IT - Other category".  If your issue is a Service Request, and no category seems to exist, under the Information Technology Department, please select the "Service Category Request" option to request a category. If that service request category truly does not exist, one will be created.