NetCloud Manager (NCM) Multi-Factor Authentication (MFA) (SSO Login Method)
Products Supported: All Current Series 3, CBA750, CBA250, CTR500, MBR1000, MBR800, MBR900, & MBR1200 router models. Click here to identify your router.
Multi-Factor Authentication (MFA) adds a layer of security to Cradlepoint's NetCloud Manager (NCM) by requiring more than one form of authentication. Cradlepoint's implementation incorporates a one-time password (OTP) so that the two factors are something you know (the standard password) and something you have (OTP technology tied to, for example, a mobile phone).
More specifically, Cradlepoint Multi-Factor Authentication uses TOTP (Time-Based One-Time Password Algorithm). To enable MFA, you must first set up a TOTP application, such as Google Authenticator or Microsoft's Authenticator, on a mobile phone or other device.
Most TOTP applications send a new password every 30 seconds.
Click here for NetCloud Manager (NCM) Multi-Factor Authentication for legacy NCM accounts.
Note: Multi-Factor Authentication (MFA) is not currently supported for NetCloud Perimeter Client authentication.
Configuration Difficulty: Intermediate
Set up a TOTP application:
Our MFA implementation requires a TOTP application (Time-Based One-Time Password Algorithm – see RFC 6238). Set up a TOTP application on your mobile phone or other device to enable MFA. There are many of these applications available, including the following:
Choose a TOTP application and set it up on your device following the instructions for that application. We've done a majority of our testing with Google Authenticator on a mobile phone, but other tools may work just as well (if not better).
Sync your TOTP application with your NCM account:
Once you have a TOTP application enabled on your cell phone or other device, log into Cradlepoint NetCloud Manager to set up Multi-Factor Authentication for your NCM account.
1. In the top-right corner, click on your username. In the dropdown menu that displays, click on Profile:
2. Click on the Set Up MFA Device button on the Profile page.
3. Complete the following steps on the Enable MFA screen:
Step 1 - Set up a TOTP application on your mobile phone or other device.
Step 2 - Connect your application with your NCM account, either by scanning the QR code that displays or by entering a manual configuration key.
Step 3 - Finally, input the authentication code provided by your TOTP application and click Finish.
Log in with MFA:
1. Once you have MFA enabled, go to the Cradlepoint NetCloud Manager page to log in. Enter your email address and password, and then click the
Log In button.
2. The Multi-Factor Authentication login page displays after successfully logging in with your email address and password credentials.
3. Open your TOTP application on your smartphone or other device – this reveals a six-digit authentication code for one-time use. You will use this
authentication code for your MFA token.
4. Input this code into the MFA token field on the Multi-Factor Authentication login page, and then click the Log In button to log in to NCM with MFA.
Disable MFA for your account
If you enable MFA for your own account, you may disable it by using the following steps:
1. Log in to your NCM account, click the drop-down menu next to your username at the upper-right, and then select Profile
2. Click the Clear MFA Token
button on the Profile
3. Confirm that you want to disable multi-factor authentication by clicking Yes
on the Remove MFA Device
4. Click the OK
button on the Success
dialog to complete the deactivation of MFA for your account logins.
Note: Users may also disable MFA by using the Edit User dialog on the Accounts & Users page.
What if I can't log in?
If you lock yourself out of your NCM account that uses MFA, an user with NCM administrator privileges can disable MFA on your account. NCM administrators can use the following steps to disable MFA on a user account.
1. Log in to your NCM account, and then click on the Accounts & Users tab.
2. Select the desired user and then click on the Edit button in the top toolbar.
3. Click on the Clear MFA Token button on the Edit User page to remove the MFA requirement for this user.
4. Confirm that you want to disable multi-factor authentication.
5. Click the OK button on the Success dialog to complete the deactivation.
After completing the MFA deactivation, the Edit User page displays the text Multi-factor authentication is currently disabled for this user.
Published Date: 07/13/2017
This article not have what you need? Not find what you were looking for? Think this article can be improved? Please let us know at firstname.lastname@example.org.