NetCloud Manager (NCM) Multi-Factor Authentication (MFA) (SSO Login Method)
Products Supported: All Current Series 3, CBA750, CBA250, CTR500, MBR1000, MBR800, MBR900, & MBR1200 router models. Click here to identify your router.
Multi-Factor Authentication (MFA) adds a layer of security to Cradlepoint's NetCloud Manager (NCM) by requiring more than one form of authentication. Cradlepoint's implementation incorporates a one-time password (OTP) so that the two factors are something you know (the standard password) and something you have (OTP technology tied to, for example, a mobile phone).
More specifically, Cradlepoint Multi-Factor Authentication uses TOTP (Time-Based One-Time Password Algorithm). To enable MFA, you must first set up a TOTP application, such as Google Authenticator or Microsoft's Authenticator, on a mobile phone or other device.
Most TOTP applications send a new password every 30 seconds.
Click here for NetCloud Manager (NCM) Multi-Factor Authentication for legacy NCM accounts.
Configuration Difficulty: Intermediate
Setting up a TOTP application:
Our MFA implementation requires a TOTP application (Time-Based One-Time Password Algorithm – see RFC 6238). Set up a TOTP application on your mobile phone or other device to enable MFA. There are many of these applications available, including the following:
Choose a TOTP application and set it up on your device following the instructions for that application. We've done a majority of our testing with Google Authenticator on a mobile phone, but other tools may work just as well (if not better).
Syncing your TOTP application with your NCM account:
Once you have a TOTP application enabled on your cell phone or other device, log into Cradlepoint NetCloud Manager to set up Multi-Factor Authentication for your NCM account.
In the top-right corner, click on your username. In the dropdown menu that appears, click on Profile:
In the popup window that appears, click on the Set Up MFA Device button:
- This opens up another window that walks you through the steps to enable MFA:
Step 1 - Set up a TOTP application on your mobile phone or other device.
Step 2 - Connect your application with your NCM account, either by scanning the QR code that displays or entering a manual configuration key.
Step 3 - Finally, input the authentication code provided by your TOTP application and click Finish.
Logging in with MFA:
Once you have MFA enabled, go to the Cradlepoint NetCloud Manager page to log in. Enter your username and password as usual, and then click on the checkbox labeled "I have an MFA token".
Open your TOTP application on your smartphone or other device – this reveals a six-digit authentication code for one-time use.
Input this code into the MFA token field. Then click on the Login button.
What if I can't log in?
If you lock yourself out of your NCM account with MFA, a top-level administrator can disable MFA on your account.
To disable MFA for a locked-out user, click on the Accounts & Users tab.
Select the desired user and then click on the Edit button in the top toolbar.
In the window that appears, the bottom section states "Multi-Factor Authentication is currently enabled for this user". Click on the Deactivate button to remove the MFA requirement for this user:
A popup window will ask for confirmation to deactivate MFA for the user, Select "Yes"
A popup window will confirm that MFA has successfully been removed from the user's account.
After clicking "OK" the user's account will now state "Multi-factor authentication is currently disabled for this user"
Published Date: 07/13/2017
This article not have what you need? Not find what you were looking for? Think this article can be improved? Please let us know at email@example.com.