/
Testing Multi-Factor Authentication (MFA) in OpenCCC - Pilot UAT Guide

California Community College logo

Testing Multi-Factor Authentication (MFA) in OpenCCC - Pilot UAT Guide

Overview & Objectives

As part of our commitment to safeguard student data and secure institutional access, we are introducing Multi-Factor Authentication (MFA) into the CCCApply and OpenCCC student account systems. Your feedback on these security enhancements are critical to the continuous improvement of our products and services and supporting student success.

Before this feature goes live to the student body, we invite CCC college staff and selected students to conduct User Acceptance Testing (UAT).

The objectives of this pilot UAT are to:

  • Validate that the new MFA flow works seamlessly with new account creation, ID verification, and user sign in flows;

  • Ensure account recovery and ID verification flows remain functional and secure with MFA enabled.

College Staff: Familiarize college staff with the new student user experience using MFA to facilitate better on-campus support services.

 

Getting Started and Prerequisites

Before starting testing, ensure you have the following ready:

Requirement

Details / Action Required

Pilot URL

Navigate to the Pilot environment URL, below: 
https://test.opencccapply.net/gateway/apply?cccMisCode=ZZ1

Reminder: Do not test on the production site.

Pilot Testing Account

You will need a Pilot OpenCCC account
If you do not have an existing Pilot account, follow the instructions for Create A New OpenCCC Account Using MFA below.

Unique Email Address

A unique email address is required . Users will retrieve security codes from a valid email account during testing.

Mobile Phone Number

(Second MFA Method)

Testing with a mobile phone number is optional, but recommended.

  • Must be a valid mobile phone number capable of receiving SMS text messages

  • Cannot be a landline to be used for MFA

How To Guides

Please refer to the Multi-Factor Authentication (MFA) in OpenCCC and CCCApply guide for step-by-step, how-to instructions for each user workflow.

Pilot Test Cases

Below are test guides for the following workflows:

Create a New Account Using MFA

Case 1: Verify that a new account can be successfully created with MFA.

  1. Go to the testing (Pilot) environment URL (below) and click on "Create an Account" from the CCCApply Sign In page.

    1. https://test.opencccapply.net/gateway/apply?cccMisCode=ZZ1

  2. Enter your credentials (email and password) and complete the verification process with security code.

  3. Optional: Enter your mobile phone number as a second method of authentication and verify with security code.

  4. Optional: Verify your identity using one of the two trusted vendor options; otherwise click “Verify Later” on the ID Verification Options page

  5. Continue with account setup using real or dummy details on the Create Profile page (Name, Address, DOB, SSN) and create a secure password following the on-screen complexity requirements.

  6. Ensure all required fields are populated and then click “Save”.

  7. Confirm: Are you signed in on the CCCApply My Applications page?

Sign In with MFA - Verified User (Happy Path)

Prerequisite: To successfully test this use case, the tester must have an completed ID verification in this environment through one of the two options: For this Pilot testing, no one will be “verified”. When the ID Verification page appears, scroll down and click the “Verify Later” link.

Case 2: Ensure a verified user with an existing OpenCCC account can sign in with MFA (email) and land on the My Applications page.

  1. Log out of CCCApply My Applications page (from Case 1) or return to the CCCApply Sign In page (Pilot).

  2. Enter your email and password, then click "Next".

  3. Select your method of contact (Email) from the options on the Keep Your Account Secure screen and request a security code.

  4. Get the code from your email Inbox and enter the code in the Security Code input field. Click “Verify Email”.

  5. Confirm: Access is granted and you have landed on the CCCApply My Applications page.

 

Sign In with MFA - Unverified User

Prerequisite: To successfully test Case 3, the tester must have an ID verification status of “Unverified” (or the user has never verified).

Case 3: Ensure an unverified or never verified user with an existing OpenCCC account can sign-in with MFA (email), complete the ID verification process, and land on the My Applications page. .

  1. Log out of your CCCApply My Applications page (from Case 1) or return to the CCCApply Sign In page in the Pilot environment.

  2. Enter your email and password, then click "Next".

  3. Select the method of contact you want to receive your code from the options on the Keep Your Account Secure screen and request security code.

  4. Get the code from your email Inbox (or mobile phone) and enter the code in the Security Code input field. Click “Verify Email”.

  5. Select one of the two ID verification vendor options on the CCC Students are page, and follow the instructions to complete identity verification.

  6. Sign In: On the CCCApply Sign In page, sign in with valid email address and security code as a verified user.

  7. Confirm: Access is granted and you have landed on the CCCApply My Applications page?

 

Adding a Mobile Phone Number as Second Method of Authentication

Case 4: Ensure a user with an existing OpenCCC account can sign in to the Edit Account page using MFA and add/update their mobile phone number and verify it for MFA.

  1. Navigate to the CCCApply Sign In page and login with MFA.

  2. From the My Applications page, click the “Settings > Edit Account” link in the upper right corner of the main navigation bar and see the Edit Account page open in a new tab or window.

  3. Enter your mobile number in the “Mobile Phone” input field, then set “Phone Type” to Mobile.

  4. Ensure all required fields, including the Social Security Number question, are populated on that page and click Save.

  5. Verify: Confirm that you are prompted to verify your new mobile number using a new security code.

  6. Check your mobile phone for the code (SMS text) and input it into the Secure Code screen. Click "Next".

  7. Verify: Access is granted and you are able to Sign In again with your mobile phone number successfully.

 

Setting Your Preferred Method of Contact

Case 5: On the Edit Account screen, ensure you can set your Mobile Phone Number as your Preferred Method of Contact for MFA.

  1. Navigate to the CCCApply Sign In page and login with MFA.

  2. From the My Applications page, click the “Settings > Edit Account” link in the upper right corner of the main navigation bar and see the Edit Account page open in a new tab or window.

  3. On the Edit Account screen, go to the Preferred Method of Contact section and choose the method you’d prefer to receive security codes, notifications, and other messages from CCC regarding your account in the future: Email or Mobile Phone Number.

  4. Click the Make Preferred button beneath your preferred choice.

  5. Review the information in your account for accuracy, including the Social Security number, then click Save at the bottom of the page.

  6. Return to the CCCApply Sign In page and log in.

  7. Verify: Confirm that you received your security code via your preferred method of contact automatically.

  8. Check your email inbox or mobile phone for the code (SMS text) and input it into the Secure Code screen. Click "Next".

  9. Verify: You have successfully signed in to CCCApply.

 

Sign In with Multiple Verified Options

Case 6: Experience the flow of having both your email address and your mobile phone number verified at the point of login.

  1. Start on the CCCApply Sign In page (Pilot).

  2. Enter your email or mobile phone number and password, then click "Next".

  3. Select the method of contact from the options on the Keep Your Account Secure screen and request a security code.

  4. Get the code from your email Inbox or your mobile device, and enter the code in the Security Code input field. Click to “Verify”.

  5. Confirm: Access is granted and you have landed on the CCCApply My Applications page.

 

Recovering Your Account Using MFA

Case 7: Test how students who still have access to their email address but have forgotten their password can use self-recovery options to regain access to their account.

  1. Start on the CCCApply Sign In page (Pilot).

  2. Enter the email address that you originally created your account with, then click "Next".

  3. On the Password page, click on the Forgot your password? link and click Next. The Keep Your Account Secure page appears.

  4. Confirm that your partially hidden email address that is shown is yours, then select it and click Next.

  5. Check your email inbox for your security code and enter on the Security Code page. Click Next.

  6. From the Update Password page, complete the steps to create a new password and click Save. (Save your password in a secure location).

  7. Verify: The next sign in attempt should be successfully using your new password and verified credential.

Pilot Testers: Navigate to the URL below and click the Create an Account link.https://test.opencccapply.net/gateway/apply?cccMisCode=ZZ1