Knowledge Base

 
Reset Search
 

 

Article

NetCloud Manager (NCM) Multi-Factor Authentication (SSO Login Method)

« Go Back

Information

 
Content

NetCloud Manager (NCM) Multi-Factor Authentication (MFA) (SSO Login Method)

Products Supported: All Current Series 3, CBA750, CBA250, CTR500, MBR1000, MBR800, MBR900, & MBR1200 router models. Click here to identify your router.

 


Quick Links

Summary

Configuration

Troubleshooting

Related Articles


Summary

Multi-Factor Authentication (MFA) adds a layer of security to Cradlepoint's NetCloud Manager (NCM) by requiring more than one form of authentication. Cradlepoint's implementation incorporates a one-time password (OTP) so that the two factors are something you know (the standard password) and something you have (OTP technology tied to, for example, a mobile phone).

More specifically, Cradlepoint Multi-Factor Authentication uses TOTP (Time-Based One-Time Password Algorithm). To enable MFA, you must first set up a TOTP application, such as Google Authenticator or Microsoft's Authenticator, on a mobile phone or other device.

Most TOTP applications send a new password every 30 seconds.

Click here for NetCloud Manager (NCM) Multi-Factor Authentication for legacy NCM accounts.


Configuration

Configuration Difficulty: Intermediate

Setting up a TOTP application:

Our MFA implementation requires a TOTP application (Time-Based One-Time Password Algorithm – see RFC 6238). Set up a TOTP application on your mobile phone or other device to enable MFA. There are many of these applications available, including the following:

Choose a TOTP application and set it up on your device following the instructions for that application. We've done a majority of our testing with Google Authenticator on a mobile phone, but other tools may work just as well (if not better).

 

Syncing your TOTP application with your NCM account:

Once you have a TOTP application enabled on your cell phone or other device, log into Cradlepoint NetCloud Manager to set up Multi-Factor Authentication for your NCM account.

  • In the top-right corner, click on your username. In the dropdown menu that appears, click on Profile:
    User-added image

  • In the popup window that appears, click on the Set Up MFA Device button:
    User-added image

  • This opens up another window that walks you through the steps to enable MFA:
          User-added image

Step 1 - Set up a TOTP application on your mobile phone or other device.
Step 2 - Connect your application with your NCM account, either by scanning the QR code that displays or entering a manual configuration key.
Step 3 - Finally, input the authentication code provided by your TOTP application and click Finish.

 

Logging in with MFA:
Once you have MFA enabled, go to the Cradlepoint NetCloud Manager page to log in. Enter your username and password as usual, and then click on the checkbox labeled "I have an MFA token".
          User-added image

Open your TOTP application on your smartphone or other device – this reveals a six-digit authentication code for one-time use.
          User-added image

Input this code into the MFA token field. Then click on the Login button.


Troubleshooting

What if I can't log in?

If you lock yourself out of your NCM account with MFA, a top-level administrator can disable MFA on your account.

To disable MFA for a locked-out user, click on the Accounts & Users tab.
           User-added image

Select the desired user and then click on the Edit button in the top toolbar.
          User-added image

In the window that appears, the bottom section states "Multi-Factor Authentication is currently enabled for this user". Click on the Deactivate button to remove the MFA requirement for this user:
          User-added image
A popup window will ask for confirmation to deactivate MFA for the user, Select "Yes" 

User-added image
A popup window will confirm that MFA has successfully been removed from the user's account.

User-added image

After clicking "OK" the user's account will now state "Multi-factor authentication is currently disabled for this user"

User-added image

 


Related Articles/Links


Published Date: 07/13/2017

This article not have what you need?  Not find what you were looking for?  Think this article can be improved?  Please let us know at suggestions@cradlepoint.com

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255