2FA for MSPs

Written by Zach DeMeyer on March 16, 2020

Share This Article

Two-factor authentication (2FA) is one of the top security features that MSPs (managed service providers) can offer their clients. The dramatic improvement in security helps both parties sleep at night. But sometimes, client organizations are wary of implementing 2FA. “Do I really need 2FA? Will it hamper employee productivity? Does it cost more than it’s worth?”

MSPs may also have their misgivings. 2FA might result in more help desk tickets — and enforcing it at scale across multiple organizations requires careful tooling to execute well. Below, we’ll explore why 2FA is such a critical addition to the MSP’s solution stack and how to enforce it across Mac®, Windows®, Linux®, apps, networks, and more.

Why 2FA?

2FA requires you to present two things upon login to a service: something you know and something you have (or are). Usually, the “something you know” factor consists of a username and password credential pair. The second factor, “something you have,” can be anything from a randomly generated token to a physical key or biometrics.

Regardless of what the second factor is, simply including an additional factor to the authentication process has remarkable effects on security. For example, Symantec found that 2FA could have prevented 80% of recent security breaches. Additionally, in their study of the efficacy of MFA, Google’s Security Blog found that a second factor is 100% effective at preventing account takeovers due to bot, brute-force, and even targeted attacks, depending on the factor used.

Enforcing 2FA at Scale

Although 2FA is highly effective for increasing security, IT admins without the proper tooling have a hard time enforcing 2FA at scale across an organization. Many end users see 2FA as a tedious extra step, and some feel that the additional time taken to authenticate isn’t worth the security benefits.

As such, even armed with a solution to enforce 2FA, admins need to drive end user adoption for 2FA for it to really be effective. For MSPs, this issue is multiplied across each client organization. MSPs are responsible for setting up their clients’ security measures, so they’ll need to make sure that each client’s users are aware of and understand 2FA, on top of enforcing it across all organizations.

Beyond that, differing client IT environments means that MSPs may need different solutions to enforce 2FA at scale. For instance, a solely Windows organization may need a different 2FA tool than one with a blend of Windows, Mac, and Linux systems. Knowing that, what’s an ideal way to implement 2FA for MSPs?

Use JumpCloud to Enforce 2FA En Masse

JumpCloud® Directory-as-a-Service®  is the first cloud directory service, managing user identities and access control across virtually all IT resources. Admins use JumpCloud to implement 2FA across all major OSs, as well as applications, networks, and more. JumpCloud integrates with most major 2FA providers, including Google Authenticator and Duo Security.

MSPs can leverage JumpCloud’s Multi-Tenant Portal (MTP) to manage multiple client organizations from a single pane of glass. That includes the ability to set up 2FA enrollment windows to help ease their clients into leveraging 2FA across their IT resources. 

Learn more about the JumpCloud Partner Program

The JumpCloud Partner Program works with MSPs, resellers, and other IT service providers to optimize their Directory-as-a-Service experience. Joining the Partner Program provides MSPs with discounted rates, specialized support, and co-marketing opportunities. 

If you’re interested in joining the Partner Program, please reach out to us. If you’d like to learn more about enforcing 2FA as an MSP, read our MSP Guide to Selling 2FA.

Continue Learning with our Newsletter