
Setting Up MFA for Remote Employees



As organizations shift to entirely distributed-work models, IT admins need to be sure that their remote end users are as secure as possible. Given that users are outside of IT’s direct control when out of the brick-and-mortar office, admins should prepare their users for security and success right out of the gate so they don’t run into any problems later on.

Multi-factor authentication (MFA) is a great way to frontload your security efforts, but setting up MFA for remote employees can be troublesome unless you have the right tools. In this post, we’ll cover the importance of MFA and how to best implement it across a remote workforce.

Why MFA?

MFA, also known as two-factor authentication (2FA), requires the presentation of an additional authentication factor beyond the standard username/password credential pair at login to a service. This additional factor, which can be anything from a randomly generated code to a physical USB key, significantly improves login security.

When a user is forced to present an additional factor at login, the same can be said for a bad actor who has gained access to that user’s credentials. Regardless of whether they’re compromised through phishing or cracked through brute-force bot attacks, a set of credentials backed by MFA carries significantly less weight in the hands of someone looking to attack an organization.

In their study of MFA as a general security best practice, the Google® Security blog found that commonly used device-based forms of MFA are, on average, at least 90% effective at preventing account takeovers due to a botnet or bulk phishing attack. Most forms of MFA have varying degrees of success, but physical security keys were shown to be up to 100% effective for most attack types.

Where Can MFA Be Used?

Because it’s such an effective security tool, MFA should be applied wherever possible. Depending on the solution used to enforce MFA, IT admins can require MFA at login to user systems, applications, and even VPN connections when integrated via RADIUS. For organizations with distributed end users, VPN MFA is especially key for protecting remote access.

Setting Up MFA for Remote Employees

In order to leverage MFA across a disparate workforce, IT admins need the proper tools to integrate MFA into their organization.

Potential Problems

To be used effectively, MFA should tie directly into the identity being used to authenticate to a resource. For many organizations, this identity is sourced from the core identity provider (IdP).

Traditional IdPs, such as Microsoft® Active Directory®, struggle with this task, as they don’t natively feature MFA capabilities or authenticate to resources that exist outside of their direct domain. Oftentimes, organizations using AD need to purchase additional tooling, like Identity-as-a-Service (IDaaS) solutions, to extend AD identities and apply MFA to authentication.

Beyond implementation troubles, IT admins may experience additional challenges when it comes to the end user experience. Depending on how it’s implemented, MFA can make login processes trickier for users, requiring additional information to be entered beyond the username and password they’re used to. With a fully remote workforce, these issues may be exacerbated by the fact that IT admins can’t address the problem in person as they usually might in the office.

Potential Solutions

IT organizations can leverage a cloud directory service to set up MFA for remote employees across systems, apps, and networks. Using a cloud directory service, admins can require these forms of MFA:

Unlike traditional IdPs, a cloud directory service doesn’t need additional tools to apply MFA or extend identities; these capabilities are built in and can be administered remotely.

Watch this webinar to learn more about the importance of MFA in the modern enterprise and how it can be implemented through a cloud directory service.

