By Jon Griffin Posted September 5, 2019
One of the most significant security innovations in the identity management world has been multi-factor authentication (MFA). The challenge for IT admins has been that MFA (often referred to as 2FA) has long been separated from the identity provider: it has been a separate category of product to purchase and implement. Now, though, cloud IAM platforms are tightly integrating MFA into the cloud identity provider itself.
The Two Factors of Authentication
Historically, directory services, the core identity management platform within an organization, authenticated users with username and password credentials. This is the approach that Microsoft took with Active Directory®, its on-prem, legacy directory service. While username and password credentials remain core to virtually all of the services that we use, both on-prem and in the cloud, they don’t have to be the extent of the authentication process.
Multi-factor authentication adds a “second factor” that end users need to provide in order to gain access to an IT resource. Recently, this has taken the form of an application on a smartphone. This MFA application (e.g. Google Authenticator) is paired with the cloud IAM platform, which enforces the second factor at login. The second factor can be required for access to a system (e.g. a Mac laptop or desktop) or to applications. End users enter a token generated by their MFA application at the machine or application login prompt.
Integrating Multi-factor Authentication into Cloud IAM
Modern cloud IAM platforms such as Directory-as-a-Service are integrating 2FA into the core directory service. The benefit is that authentication becomes more secure without IT admins needing to manage or pay for a separate system. IT organizations can simply add a multi-factor authentication requirement to their system or application login process.
Another benefit of MFA is that the login process requires something that the end user knows (username/password) and something that they have (i.e. the smartphone that generates their token). Whereas an IT resource could previously be compromised with just a username and password combination, a hacker now needs both the user’s credentials and their phone. This is a far less likely scenario, and one that dramatically reduces the chances of a compromise. Some experts have said that this combination makes identities virtually unhackable.
Combining MFA with Cloud IAM
If you would like to learn more about how integrated multi-factor authentication in cloud IAM can be a game changer for your cloud identity management strategy, drop us a note. We’d be happy to talk with you about identity security and why a modern IDaaS platform has MFA built in. You can also sign up for a free cloud directory account and check out the MFA capabilities for yourself. Your first 10 users are free forever.