Enterprise Cloud Manager (ECM) Multi-Factor Authentication (Legacy Login Method)
Products Supported: All Current Series 3, CBA750, CBA250, CTR500, MBR1000, MBR800, MBR900, & MBR1200 router models. Click here to identify your router.
Multi-Factor Authentication (MFA) adds a layer of security to Cradlepoint Enterprise Cloud Manager (ECM) by requiring more than one form of authentication. Cradlepoint's implementation incorporates a one-time password (OTP) so that the two factors are something you know (the standard password) and something you have (OTP technology tied to, for example, a mobile phone).
More specifically, Cradlepoint Multi-Factor Authentication uses TOTP (Time-Based One-Time Password Algorithm). To enable MFA, you must first set up a TOTP application, such as Google Authenticator or Microsoft's Authenticator, on a mobile phone or other device.
Most TOTP applications send a new password every 30 seconds.
Click here for Enterprise Cloud Manager (ECM) Multi-Factor Authentication for SSO ECM accounts.
Configuration Difficulty: Intermediate
Setting up a TOTP application:
Our MFA implementation requires a TOTP application (Time-Based One-Time Password Algorithm – see RFC 6238). Set up a TOTP application on your mobile phone or other device to enable MFA. There are many of these applications available, including the following:
Choose a TOTP application and set it up on your device following the instructions for that application. We've done a majority of our testing with Google Authenticator on a mobile phone, but other tools may work just as well (if not better).
Syncing your TOTP application with your ECM account:
Once you have a TOTP application enabled on your cell phone or other device, log into Cradlepoint Enterprise Cloud Manager to set up Multi-Factor Authentication for your ECM account.
In the top-right corner, click on your username. In the dropdown menu that appears, click on Settings:
In the popup window that appears, click on the Set Up MFA Device button:
- This opens up another window that walks you through the steps to enable MFA:
Step 1 - Set up a TOTP application on your mobile phone or other device.
Step 2 - Connect your application with your ECM account, either by scanning the QR code that displays or entering a manual configuration key.
Step 3 - Finally, input the authentication code provided by your TOTP application and click Finish.
Logging in with MFA:
Once you have MFA enabled, go to the ECM page to log in. Enter your username and password as usual, and then click on the checkbox labeled "I have an MFA token".
Open your TOTP application on your smartphone or other device – this reveals a six-digit authentication code for one-time use.
Input this code into the MFA token field. Then click on the Login button.
What if I can't log in?
If you lock yourself out of your ECM account with MFA, a top-level administrator can disable MFA on your account.
To disable MFA for a locked-out user, click on the Accounts & Users tab.
Select the desired user and then click on the Edit button in the top toolbar.
In the popup window that appears, there is a section labeled "Multi-Factor Authentication Settings". Click on the Disable button to remove the MFA requirement for this user:
Published Date: 09/02/2016
This article not have what you need? Not find what you were looking for? Think this article can be improved? Please let us know at email@example.com.