: Configure Google Multi-Factor Authentication (MFA)
Focus
Focus

Configure Google Multi-Factor Authentication (MFA)

Table of Contents

Configure Google Multi-Factor Authentication (MFA)

Enable Google MFA for account access to SaaS Security to strengthen your security posture.
If your organization has not standardized a SAML SSO for SaaS Security administrator access, you can set up multi-factor authentication (MFA) to strengthen your security posture. You must be a Super Admin to set or change the authentication settings. When you enable MFA, you protect your account by logging in with your password and a unique verification code (sent to your phone via text, phone call, or the Google mobile app).
Google MFA Authentication is unavailable to SaaS Security instances set up after July 17, 2019.
  1. Configure your device for MFA.
    Your Android device must be running Android version 2.1 or later to use Google MFA. Your iPhone, iPod Touch, or iPad must have the latest operating system for your device, and your iPhone must be a 3G model or later to set up the app using a QR barcode.
    1. Log in to SaaS Security using your current credentials. Click
      Proceed to setup MFA
      .
    2. Install
      the Google Authenticator app to your mobile device.
  2. Link your mobile device to your account on SaaS Security.
    1. Using
      QR Barcode
      — Select Barcode
      View
      . If the authenticator app can't locate a barcode scanner app on your mobile device, you can download and install one. If you want to install a barcode scanner app so you can complete the setup, select
      Install
      , and then go through the installation process. After installation, reopen Google Authenticator, and point your camera at the barcode on your computer screen.
    2. Using
      Private Key
      — Select Private Key
      View
      and then enter the
      private key
      on your authenticator app.
    3. On the
      Regenerate Key?
      screen, click
      OK
      to receive two consecutive passcodes to sync to the authenticator app.
    4. On SaaS Security, enter the two passcodes and
      Save
      the setup.
    5. Read and
      Accept
      the End-User License Agreement (EULA).
      To test that the app is working, enter the verification
      Code
      from your mobile device and then
      Verify
      . A confirmation message will display if your code is correct.
      Save
      to exit the setup. If your code is incorrect, try generating a new verification code on your mobile device, and then entering it in your computer.
  3. Configure MFA on SaaS Security.
    As a
    Super Admin
    , you can change the Authentication settings for any account except your own. To change your Authentication settings, another Super Admin must configure your account.
    1. Select
      Settings
      Authentication
      .
    2. Select an
      Authentication
      method:
      • Local Authentication
        — Grants user access after successfully presenting a passcode pair or QR barcode evidence to the MFA mechanism.
      • Single Sign-On
        — A single sign-onlogin event provides automatic access to multiple authenticated services, and a single logout event automatically ends the session for multiple services.
      • Save
        your selection.
    3. Define the settings for local authentication.
      • Enter the one-time password (OTP) prompt frequency in
        Local Authentication
        Do not prompt for OTP
        to
        0
        for all login attempts, or the number of days from
        1
        to
        7
        .
      • Enter the number of incorrect login attempts allowed in
        Block logins after consecutive incorrect passcodes
        between
        1
        and
        30
        .
        Save
        your settings.
    Administrators will see this authentication message after entering their SaaS Security credentials.

Recommended For You