Cloud IAM Feature Multi-Factor Authentication

By Jon Griffin Posted September 5, 2019

MFA

 One of the most significant security innovations in the identity and management world has been multi-factor authentication (MFA). The challenge with it for IT admins has been that MFA (often referred to as 2FA) has long been separated from the identity provider. It has been a separate category for IT admins to purchase and implement. Now though, the cloud IAM feature for multi-factor authentication is tightly integrating MFA within the cloud identity provider platform.

The Two Factors of Authentication

multi-factor authentication

Historically, directory services, the core identity management platform within an organization, worked through username and password credentials. This is the approach that Microsoft Active Directory® took with their on-prem, legacy directory service. While username and password credentials are core to virtually all of the services that we still use both on-prem and in the cloud, that doesn’t have to be the extent of the authentication process.

Multi-factor authentication has emerged as a “second factor” that end users need to provide in order to gain access to the IT resource. Recently, this has taken the form of an application on a smartphone. This MFA application – e.g. Google Authenticator – is paired with the cloud IAM platform to enforce the second factor upon login. This second factor can be used for access to a system (e.g. Mac laptop or desktop), or with applications. End users will enter a token generated on their MFA application into their machine or application login.

Integrating Multi-factor Authentication into Cloud IAM

Modern cloud IAM platforms such as Directory-as-a-Service are integrating 2FA into the core directory service. The benefit of this is that authentication becomes more secure, but IT admins don’t need to manage or pay for a separate system. IT organizations can simply add a requirement for multi-factor authentication to their system or application login process.

Another benefit of MFA is that the login process requires something that the end user knows (username/password) and something that they have (i.e. a token generated from their smartphone). Whereas an IT resource could be compromised with just a username and password combination, a hacker now needs to have both the user’s credentials and their phone. This is a much more unlikely scenario, and one that dramatically reduces the chances of a compromise. Some experts have said that this combination makes identities virtually unhackable.

Combining MFA with Cloud IAM

If you would like to learn more about how the cloud IAM feature multi-factor authentication is a game changer for your cloud identity management strategy, drop us a note. We’d be happy to talk with you about identity security and why a modern IDaaS platform has this integrated. You can also sign-up for a free cloud directory account and check out the MFA capabilities for yourself. Your first 10 users are free forever.

Jon Griffin

Jon Griffin works as a writer for JumpCloud, an organization focused on bringing centralized IT to the modern organization. He graduated with a degree in Professional and Technical Writing from the University of Colorado Colorado Springs, and is an avid learner of new technology from cloud-based innovations to VR and more.

Recent Posts