Accessing your Good Grants account

There are multiple ways users can access their Good Grants account. Depending on your configuration, login may include:

  • Standard email verification
  • Multi-factor authentication (MFA)
  • SAML single sign-on (SSO)
  • A combination of SAML and MFA

This guide explains each scenario.

Standard login: first login

When a user creates an account, they:

  1. Enter their email address
  2. Receive a six-digit code (6DC) via email
  3. Enter the code to confirm their email address

The six-digit code verifies that the email address is valid. Once confirmed, the 6DC is no longer required for standard logins.

Login with multi-factor authentication (MFA)

Users can increase account security by enabling multi-factor authentication (MFA), sometimes called two-factor authentication (2FA).

MFA is optional unless required by your program.

If MFA is enabled, users must:

  1. Enter their email and password
  2. Enter their MFA code from their authentication app

During sign-in, users can select the option to be remembered for 30 days. When selected, they will not be prompted for their MFA code again for 30 days on the same browser, as long as the cache has not been cleared.

For more information, see the Multi-factor authentication guide.

Login using SAML authentication

SAML is a paid add-on. Contact support if you would like to enable this functionality.

When SAML is configured, users can log in using your SSO provider (for example, Okta).

To log in via SAML:

  1. Click Log in via SAML on the home page
  2. Authenticate through your SSO provider
  3. Be redirected back to Good Grants once authentication is successful

Authentication is managed by the SSO service.

SAML login: first login

When logging in via SAML for the first time, or from a new device or browser, Good Grants sends a six-digit code (6DC) via email after successful SAML authentication.

This occurs:

  • On first SAML login
  • When using a new browser or device
  • If more than 30 days have passed since the last login on that browser

If your SSO provider requires MFA, that step occurs within the SSO service—not within Good Grants.

Login using both SAML and MFA

If:

  • SAML is enabled for the account, and
  • The user has enabled MFA in their Good Grants profile

Then additional verification steps apply when logging in from a new device or after 30 days. The login flow will be:

  1. Click Log in via SAML
  2. Authenticate with the SSO provider
  3. Complete MFA within the SSO provider (if required)
  4. Be redirected to Good Grants
  5. Enter the Good Grants MFA code

The MFA code required by Good Grants is separate from any MFA used by the SSO provider. It is generated by the user’s authentication app configured within their Good Grants profile. Once both verification steps are complete, access is granted.

Good to know

  • The six-digit code (6DC) is used to verify email addresses during first login and cannot be bypassed or removed.
  • SAML is a paid add-on feature.
  • MFA is optional unless enforced by the program.
  • The “remember for 30 days” option applies per browser. Clearing cookies or cache will trigger MFA again.
  • A six-digit code is sent after SAML login on first use or after 30 days.
  • MFA codes used for SSO and Good Grants are separate when both are enabled.