Frequently Asked Questions About Force Multifactor Authentication - manage-netcloud-access/Frequently-Asked-Questions-About-Force-Multifactor-Authentication

Managing Identities and Access for NetCloud
NetCloud Feature
Management > Users
ft:locale
en-US
ft:sourceName
Paligo_Prod
Document Type
Configuration Guide

1.

How does Force MFA work?

When a system admin or user admin enables Force MFA for their account, all users within the account structure will be required to use MFA when logging into their NetCloud account (this also applies to users in subaccounts). Once the feature has been enabled, users that do not have MFA enabled on their user profile are required to set up MFA at next login.

Note

Users that previously enabled MFA on their individual user profile will not have to set up MFA again once Force MFA is enabled on the account.

2.

How do users set up MFA once Force MFA is enabled?

Once Force MFA has been enabled on an account, when users attempt to log into NetCloud, they will be prompted to set up MFA prior to gaining access to their account. Steps for setting up MFA are as follows:

  1. Users will navigate to cradlepointecm.com (or accounts.cradlepointecm.com), enter their email address and password, and click the Log In button.

  2. Once they have successfully authenticated with their email address and password, users will be directed to a MFA Setup screen.

  3. Users will be prompted to set up and install a TOTP application on their mobile phone (or other supported device).

  4. Once a TOTP application has been installed, users will either need to scan the QR code that is generated on the screen or enter the manual configuration key that is displayed under the heading Option 2.

  5. After configuring the TOTP application successfully, users will be prompted to enter an authentication code into the Authentication Code text box and click the Finish button.

    Note

    Most authentication codes generated by TOTP applications expire within 10–30 seconds.

  6. After successfully finishing the MFA setup, users will be redirected back to the main NetCloud Manager login page and will need to reauthenticate with their email address and password.

  7. Once authenticated with their email address and password, users will be directed to an MFA screen and will be required to enter a valid MFA token prior to login. Once entered, users can click the Log In button.

3.

Can users disable MFA if Force MFA is enabled?

Users in an account that has Force MFA enabled cannot disable MFA for their specific user profile. Users that attempt to disable MFA on their profile by clicking Clear MFA Token will be required to reset MFA the next time they attempt to log into their NetCloud account.

4.

Can admins disable MFA for specific users once Force MFA is enabled?

Once Force MFA has been enabled on an account by a system admin or user admin, MFA cannot be disabled for individual users.

Note

Administrators can disable MFA for users within an account if Force MFA is not enabled.

When the user attempts to re-authenticate with NetCloud using their Email Address/Password, they will be prompted to re-set up MFA before logging in.

5.

How do users reset MFA on accounts that have Force MFA enabled?

If a user needs MFA set up again (when getting a new mobile device, for example), a user admin can clear the existing MFA token associated with the user's profile.

When the user attempts to re-authenticate with NetCloud using their Email Address/Password, they will be prompted to re-set up MFA before logging in.

  1. Log into NetCloud Manager.

  2. Select Account in the left-side navigation panel.

  3. Click the Users tab.

  4. Select a user.

  5. Click Edit.

  6. Click Clear MFA Token.

  7. Click Save.

6.

What if Force MFA is enabled and then disabled on an account?

If an account has Force MFA enabled, and a system admin or user admin disables the feature, all future users added to the account will not be required to set up MFA when setting credentials or logging into NetCloud Manager. All existing users that have MFA set up will continue to use MFA when logging into NetCloud Manager. A user, system admin, or user admin can disable MFA on a user profile once Force MFA is disabled.

7.

Can users still individually enable MFA if their account does not have Force MFA enabled?

Users still have the ability to enable and disable MFA on their individual user profile if Force MFA isn't enabled on the account.

8.

What if Force MFA is enabled on an account, and the system admin needs to set up MFA again?

If a system admin needs to set up MFA again (due to the user getting a new mobile device, for example), and there are no other user admins on the account, the user will need to contact Cradlepoint Support directly. Cradlepoint Support has the ability to clear the existing MFA token for the system admin and all other NetCloud Manager users. Once cleared, the system admin will be required to set up MFA again on their next login attempt.