IDaaS And MFA (Multi-factor Authentication)

By Rajat Bhargava Posted January 5, 2017

As the authentication process moves to the cloud with IDaaS, folks are wondering how IDaaS providers will step up security. One of the most significant steps that any organization can take is to protect its login process with multi-factor authentication.

The question for IT admins is: how do IDaaS and MFA work?

Walking Through The History of IDaaS

Before diving into the integration of IDaaS and MFA, also sometimes called 2FA, it is critical to discuss what Identity-as-a-Service really means.

The traditional view of IDaaS has been web application single sign-on. It is a narrow definition of what is becoming an important next-generation cloud identity management platform. As IT admins move to the cloud, they are searching for a core identity management platform that securely manages and connects their user identities to their IT resources, including systems, applications, and networks.

Think of this approach as integrating directory services with single sign-on and moving it all to the cloud. This innovative approach to identity management is then paired with multi-factor authentication at the system and application level.

Security Deepens with MFA (Multi-Factor Authentication)

While many traditional SSO solutions include application-level MFA, that still leaves the device vulnerable to attack. System-level MFA is critical in the fight against identity theft and a significant step-up in security.

Here’s how it works:

As a user logs into their Windows, Mac, or Linux device, the IDaaS platform is involved in authenticating the user’s password. The benefit of the virtual identity provider is that it is a cross-platform solution rather than a Windows-focused solution like Microsoft Active Directory. A lightweight agent is placed on each system. It is then leveraged not only in the process of authenticating the user but also in managing the system. MFA is added to the authentication process to increase the level of security. The user must enter a code generated by a third-party application, such as Google Authenticator or Duo Mobile, on their smartphone.

With multi-factor authentication in place, a hacker cannot log into the device without both knowing the password and having possession of the user’s smartphone. Because both factors are required in the login process, the chances of a compromise are much more remote. IDaaS providers such as Directory-as-a-Service® are providing both system-based and application-level MFA.

Test The Waters with Current IDaaS and MFA Solutions

If you would like to learn more about IDaaS and MFA, drop us a note. With identity theft and breaches a major concern for IT organizations, finding an identity management platform that can solve the issue is critical. Also, please try the IDaaS platform from JumpCloud® to see how MFA is integrated into our platform. Finally, please remember that your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
