Knowledge Base

 
Reset Search
 

 

Article

NetCloud Manager (NCM) Multi-Factor Authentication

« Go Back

Information

 
Content

NetCloud Manager (NCM) Multi-Factor Authentication (MFA) (SSO Login Method)

Products Supported: All Current Series 3, CBA750, CBA250, CTR500, MBR1000, MBR800, MBR900, & MBR1200 router models. Click here to identify your router.

 


Quick Links

Summary

Configuration

    Set up a TOTP application
    Sync your TOTP application with your NCM account
    Log in with MFA

Disable MFA for your account

Troubleshooting

Related Articles


Summary

Multi-Factor Authentication (MFA) adds a layer of security to Cradlepoint's NetCloud Manager (NCM) by requiring more than one form of authentication. Cradlepoint's implementation incorporates a one-time password (OTP) so that the two factors are something you know (the standard password) and something you have (OTP technology tied to, for example, a mobile phone).

More specifically, Cradlepoint Multi-Factor Authentication uses TOTP (Time-Based One-Time Password Algorithm). To enable MFA, you must first set up a TOTP application, such as Google Authenticator or Microsoft's Authenticator, on a mobile phone or other device.

Most TOTP applications send a new password every 30 seconds.

Click here for NetCloud Manager (NCM) Multi-Factor Authentication for legacy NCM accounts.

Note: Multi-Factor Authentication (MFA) is not currently supported for NetCloud Perimeter Client authentication.


Configuration

Configuration Difficulty: Intermediate

Set up a TOTP application:

Our MFA implementation requires a TOTP application (Time-Based One-Time Password Algorithm – see RFC 6238). Set up a TOTP application on your mobile phone or other device to enable MFA. There are many of these applications available, including the following:

Choose a TOTP application and set it up on your device following the instructions for that application. We've done a majority of our testing with Google Authenticator on a mobile phone, but other tools may work just as well (if not better).

Sync your TOTP application with your NCM account:

Once you have a TOTP application enabled on your cell phone or other device, log into Cradlepoint NetCloud Manager to set up Multi-Factor Authentication for your NCM account.

1. In the top-right corner, click on your username. In the dropdown menu that displays, click on Profile:

admin user profile

2. Click on the Set Up MFA Device button on the Profile page.

User-added image

3. Complete the following steps on the Enable MFA screen:
 
Step 1 - Set up a TOTP application on your mobile phone or other device.
Step 2 - Connect your application with your NCM account, either by scanning the QR code that displays or by entering a manual configuration key.
Step 3 - Finally, input the authentication code provided by your TOTP application and click Finish.
 
          User-added image

Log in with MFA:

1. Once you have MFA enabled, go to the Cradlepoint NetCloud Manager page to log in. Enter your email address and password, and then click the     
    Log In button.

          NCM login screen

2. The Multi-Factor Authentication login page displays after successfully logging in with your email address and password credentials.

NCM login screen - enter MFA token.

3. Open your TOTP application on your smartphone or other device – this reveals a six-digit authentication code for one-time use. You will use this       
    authentication code for your MFA token.

          TOTP generating MFA tokens

4. Input this code into the MFA token field on the Multi-Factor Authentication login page, and then click the Log In button to log in to NCM with MFA.

Disable MFA for your account

If you enable MFA for your own account, you may disable it by using the following steps:

1. Log in to your NCM account, click the drop-down menu next to your username at the upper-right, and then select Profile.
2. Click the Clear MFA Token button on the Profile page.
 
Clearing a non-forced MFA token
 
3. Confirm that you want to disable multi-factor authentication by clicking Yes on the Remove MFA Device dialog.
 
confirm mfa deactivate
 
4. Click the OK button on the Success dialog to complete the deactivation of MFA for your account logins.
 
mfa successfully disabled
 
   Note: Users may also disable MFA by using the Edit User dialog on the Accounts & Users page.

Troubleshooting

What if I can't log in?

If you lock yourself out of your NCM account that uses MFA, an user with NCM administrator privileges can disable MFA on your account. NCM administrators can use the following steps to disable MFA on a user account.

1. Log in to your NCM account, and then click on the Accounts & Users tab.

           User-added image

2. Select the desired user and then click on the Edit button in the top toolbar.

          User-added image

3. Click on the Clear MFA Token button on the Edit User page to remove the MFA requirement for this user.

          NCM - edit a user's settings

4. Confirm that you want to disable multi-factor authentication. 

User-added image


5. Click the OK button on the Success dialog to complete the deactivation.

User-added image


After completing the MFA deactivation, the Edit User page displays the text Multi-factor authentication is currently disabled for this user.

User-added image


Related Articles/Links


Published Date: 07/13/2017

This article not have what you need?  Not find what you were looking for?  Think this article can be improved?  Please let us know at suggestions@cradlepoint.com

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255