Configure Google Multi-Factor Authentication (MFA)
Enable Google MFA for account access to SaaS Security
to strengthen your security posture.
If your organization has not standardized
a SAML SSO for SaaS
Security administrator access, you can setup multi-factor authentication
(MFA) to strengthen your security posture. You must be a Super Admin
to set or change the authentication settings. When you enable MFA,
you protect your account by logging in with your password and a
unique verification code (sent to your phone via text, phone call,
or the Google mobile app).
Google MFA Authentication
is unavailable to SaaS Security instances set up after July 17, 2019.
- Configure your device for MFA.Your Android device must be running Android version 2.1 or later to use Google MFA. Your iPhone, iPod Touch, or iPad must have the latest operating system for your device, and your iPhone must be a 3G model or later in order to set up the app using a QR barcode.
- Log in to SaaS Security using your current credentials. ClickProceed to setup MFA.
- Installthe Google Authenticator app to your mobile device.
- Link your mobile device to your account on SaaS Security.
- UsingQR Barcode— Select BarcodeView. If the authenticator app cannot locate a barcode scanner app on your mobile device, you can download and install one. If you want to install a barcode scanner app so you can complete the setup, selectInstall, and then go through the installation process. After installation, reopen Google Authenticator, and point your camera at the barcode on your computer screen.
- UsingPrivate Key— Select Private KeyViewand then enter theprivate keyon your authenticator app.
- On theRegenerate Key?screen, clickOKto receive two consecutive passcodes to sync to the authenticator app.
- On SaaS Security, enter the two passcodes andSavethe setup.
- Read andAcceptthe End-User License Agreement (EULA).To test that the app is working, enter the verificationCodefrom your mobile device and thenVerify. A confirmation message will display if your code is correct.Saveto exit the setup. If your code is incorrect, try generating a new verification code on your mobile device, and then entering it in your computer.
- Configure MFA on SaaS Security.As aSuper Admin, you can change the Authentication settings for any account except your own. To change your Authentication settings, another Super Admin must configure your account.
- Select .
- Select anAuthenticationmethod:
- Local Authentication— Grants user access after successfully presenting a passcode pair or QR barcode evidence to the MFA mechanism.
- Single Sign-On— A single sign-onlogin event provides automatic access to multiple authenticated services, and a single logout event automatically ends the session for multiple services.
- Saveyour selection.
- Define the settings for local authentication.
- Enter the one-time password (OTP) prompt frequency in to0for all log in attempts, or the number of days from1to7.
- Enter the number of incorrect login attempts allowed inBlock logins after consecutive incorrect passcodesbetween1and30.Saveyour settings.
Administrators will see this authentication message after entering their SaaS Security credentials.
