In today’s world, Multi-Factor Authentication (MFA) needs no introduction. Security-focused applications provide MFA as an additional layer of security on top of their regular login/authentication mechanism. Falcon Deploy comes with MFA enabled in its default configuration. It is based on the TOTP (time-based one-time password) algorithm.
When a user account is created in Falcon Deploy, the authentication framework performs the following steps.
- The user’s temporary password is encrypted and stored in the database.
- The user account is enabled for MFA. A security key is set up and attached to the user’s profile.
- A welcome email is sent to the user with a link to the password page where users can set their password. The email also has the MFA security key.
Users are responsible for setting up the two factors used for authentication.
The user is presented with a login screen. The username and password are the 1st factor. After successful authentication, the user is presented with another screen for the 2nd factor, the MFA.
The user enters the dynamic code, usually a six-digit number, from their MFA client. The MFA code is time-based and changes continuously. After entering the correct code, the user is logged in to the application.
As a user, when you receive the welcome email, we encourage you to reset your account password and configure an MFA client with the provided key as soon as possible.
Once the password and MFA are set up, you can log in using two-factor authentication.
There are a few options available for setting up MFA.
- Hardware MFA device
- Virtual MFA device
- SMS based MFA
Virtual MFA devices
A virtual MFA client is a less expensive, sometimes free, alternative to a hardware MFA device. You can use a smartphone or tablet as an MFA device. The software on it is responsible for generating a time-based, six-digit numeric code. Users enter the code generated by the software in the Falcon Deploy MFA screen.
A popular software-based mobile app is Google Authenticator. It is available on Android, iOS and BlackBerry OS. You can download the app from your app/play store and use the Falcon Deploy security key to set it up. Once set up, it rotates the security code at regular intervals. Every time you log in, use the code generated in the app for the 2nd factor.
During login, each time you fail to authenticate using MFA, you use up a login attempt. If you fail to authenticate within the permitted retries, your user account will be locked.
If your account is locked, you will have to wait for a specific duration before trying again. This duration is set by your Falcon Deploy administrator. An administrator can unlock your account anytime during the wait period.
Retry count and Lock hours are configured by your Falcon Deploy administrator.