Although multi-factor authentication (MFA) provides effective identity security for organizations, many are wary of the potential implementation challenges. For managed service providers (MSPs), this difficulty compounds with every client organization they manage. Thankfully, a multi-tenant MFA solution can aid with these concerns through centralized management and resource-neutral application.
The Pros and Cons of MFA
Let’s start by detailing the potential benefits an MSP and their clients may gain from MFA. Then, we’ll go into the hardships that might be involved.
When talking about MFA, the foremost benefit is security. Like it or not, we live in an era plagued by data breaches. As of late, MSPs and their clients have become top targets for attacks. Specifically, bad actors rely upon compromised credentials to worm their way into networks, creating disaster for an organization.
To combat this, MFA presents a steep hurdle for attackers to leap over by requiring additional authentication factors beyond the standard username and password. Often, these factors are tokens generated on a smartphone or sent to a user via SMS. However, they can also take the form of USB keys, biometric data (facial features, fingerprints, iris structure, etc.), and push notifications. Some MFA tooling even allows users to deny or approve access based on the IP address attempting to log in using their credentials.
Unless the user’s source of MFA is also compromised, MFA renders compromised credentials practically invalid when it comes to taking over an account. The Google Security Blog found as much while evaluating the efficacy of various forms of MFA, determining that device-based MFA blocks nearly 100% of attacks against an account.
Expanding upon the general security benefits, another key advantage of MFA is the fact that it can be applied to almost any login window a user can access. With the proper tooling, an MSP can enforce MFA at the system and application levels, even going so far as protecting networks when MFA is enforced on VPN connections.
Although highly effective for security, MFA comes with a few drawbacks that have led many organizations to avoid its implementation. Topping this list are concerns over efficiency. Employees spend upwards of 36 minutes a month entering their username and password to access their various work accounts. It may seem like an inconsequential amount of time, but multiply that across an average 50-employee organization over the course of a year and the result is over 40 hours of time lost to credential entry.
With MFA, end users not only have to enter their credentials, but input an additional form of authentication, effectively doubling that time spent. Beyond that, with MFA approaches like TOTP (Time-based One-Time Password), end users have a limited period of time when their MFA token is valid. If they use a token outside that period, the end user will need to wait until the next one generates, eating into their productivity.
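The validity window described above can be seen in a server-side check. This is an added example, not code from the original article or from any vendor; it implements RFC 6238 TOTP with the standard library, and the names `verify`, `skew_steps` and `last_used_counter` are hypothetical. The secret is the published RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 6238 test secret (constructed input, not a real key)
STEP = 30                         # seconds a code stays current (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, now, last_used_counter=-1, skew_steps=1):
    """Return the time-step counter that matched, or None.

    skew_steps=1 also accepts the previous and next step, which absorbs
    clock drift and slow typing. Counters at or below last_used_counter
    are refused so a code that was already accepted cannot be replayed.
    """
    current = now // STEP
    matched = None
    for counter in range(max(0, current - skew_steps), current + skew_steps + 1):
        if counter <= last_used_counter:
            continue
        # compare_digest keeps the comparison constant-time
        if hmac.compare_digest(totp(secret, counter * STEP), submitted):
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SECRET, 59)  # code shown to the user at t=59 (step 1)
    print("code:", code)
    print("typed 6 s later, one step of tolerance:", verify(SECRET, code, 65))
    print("typed 6 s later, no tolerance:", verify(SECRET, code, 65, skew_steps=0))
    print("typed 66 s later:", verify(SECRET, code, 125))
    print("replayed after first use:", verify(SECRET, code, 65, last_used_counter=1))
```

Each extra step of tolerance leaves one more code valid at any moment, so a small `skew_steps` value should be paired with rate limiting on failed attempts.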
The other problem admins face with MFA is its complex implementation. In order to enforce MFA organization-wide across all pertinent resources, an IT admin needs a tool that covers each resource. For instance, many web application single sign-on (SSO) providers offer MFA as a part of their solution. Unfortunately, this MFA only covers the applications connected via SSO. For systems, networks, and more, admins will need an additional MFA tool that secures those resources. The cost of each of these MFA tools ultimately adds up, creating a significant drain on an organization’s budget.
Unpacking Multi-Tenant MFA
For MSPs, the pros of MFA laid out above remain constant, but the cons are multiplied by each client they manage. As with all client organizations, differing IT environments mean differing needs. Some may have a blend of operating systems that need additional protection; others may require MFA on VPNs for remote employees. As such, MSPs need an MFA tool that can cover all of their clients’ security needs.
Beyond that, MSPs shoulder the burden of completely managing client IT needs, so problems with MFA would need to be communicated remotely or otherwise solved in person by travelling to client offices. In the modern era, this “break-fix” model of administration is quickly falling out of favor, so MSPs need a tool that can effectively cover all of their clients’ MFA needs without them needing to interact with clients on-prem.
A multi-tenant MFA solution would provide MSPs with a single location to manage all client organizations from the cloud. Ideally, this solution would be a cross-functional platform so an MSP’s MFA offering can be customized to meet client needs.
Multi-Tenant MFA Solution from JumpCloud
JumpCloud® Directory-as-a-Service® is the first cloud directory service, connecting users to their systems, applications, networks, and more through a single, authoritative identity. As part of this offering, JumpCloud provides MFA on all three major operating systems (Mac®, Windows®, Linux®), applications, infrastructure, and networks.
JumpCloud also features the Multi-Tenant Portal (MTP), a capability designed specifically for MSPs. Using the MTP allows you to manage identities and access control, including MFA, across multiple client organizations from a single pane of glass. Since JumpCloud is platform-agnostic and protocol-independent, MSPs can leverage the product across practically any client organization.
JumpCloud Partner Program
The JumpCloud Partner Program offers MSPs and other IT service providers/resellers the opportunity to pair with JumpCloud’s world-class team with competitive margins, lead generation as appropriate, specialized support, and co-marketing materials.