What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. In CAKE, the first form is the username and password, and the second form is the unique code generated by an application on the user's mobile device. MFA is only for employees of the CAKE network not for partners like Affiliate, Advertisers, or Buyers.

CAKE is excited to announce a bundle of new features focused on security for our users. The major milestone in this release is Multi-Factor Authentication for network employees.  Did you know that MFA is the second most voted on idea in the CAKE idea portal?  Have ideas you would like to see built out, submit your ideas here.

What is being released?

Upon Release, the following updates will be available in your CAKE instance:

Security Sub-tab > Settings

CAKE has an entirely new section where you can manage all of your security settings for all portals of your CAKE instance.

  • Setup > Security sub-tab was added to house all of the security-centric settings in CAKE. We migrated settings from the Setup > Settings page to Setup > Security.
  • Within the Setup > Security sub-tab we have added the new security setting:  Enable Multi-Factor Authentication. When enabled all employee's roles will be required to set up MFA on their next successful login to the CAKE Admin Portal. For users who have set up MFA, they will be required to enter a code from a mobile application on their phone (this requires an Authentication Application which can be downloaded from either the iTunes or Android Store).  
  • Please note: Setup > Security > System Access sub-tab is only accessible to users who have MFA enabled on their system.  Please see below for instructions to setup MFA.

Security Sub-tab > System Access

  • Once authenticated via MFA, the Setup > Security > System Access sub-tab contains all features related to accessing your CAKE system:
    • IP Whitelist (previously found in the Other Lists section)
    • API keys (previously found in Permissions section)
    • Admin API Key has a Click to Show API Key Interaction
    • Admin API Key Aliases in order to name your API Keys how you want (for example where you are using specific keys)

Multi-Factor Authentication Best Practice and Setup

Best Practices for rolling out MFA for your network

Before you enable the Enable Multi-Factor Authentication setting its best practice to execute the steps below in the

  1. Download the Authenticator app on your mobile device.
  2. Establish an internal release date.
  3. Communicate that all employees must download the mobile application before the internal launch date. Note the communication should be focused on employees since Affiliates, Advertisers, and Buyers are not impacted by the Enable Multi-Factor Authentication setting.
  4. Enable the Enable Multi-Factor Authentication setting on the internal release date.

Upon next login attempt all employees will be prompted with the Setup MFA Code Screen.

  1. Scan the image with the Mobile App on your phone
  2. Enter the 6 digit code from the mobile application
  3. Hit Submit button
  4. You should be logged in successfully
  5. You have successfully setup MFA for your account!

All employee contacts login attempts moving forward will require the 6 digit code after the username and password is entered.

If are you redirected back to the login screen that means that either the username-password combination or the MFA code is not correct user will be redirected back to the login page with an invalid login message. All of the following username, password, and MFA code must be correct in order to login once the global setting has been enabled.

Enable MFA

Once you enable Multi-Factor Authentication users will need to use the second form of authentication to login into your CAKE instance. Please be sure to let all employee's know prior to enabling this feature as it will force users to setup MFA on their mobile device.

Setup MFA Code

  • Setup MFA Code Screen is only displayed to users who have not set up MFA yet. This screen is displayed after they have provided their username and password. If either the username and password or the MFA code is incorrect the user will be redirected back to the login screen with a generic message saying the login was invalid. Setup MFA Code Screenshot

Provide MFA Code

  • Provide MFA Code Screen is displayed to users who have successfully set up MFA for their account. If either the username and password or the MFA code is incorrect the user will be redirected back to the login screen with a generic message saying the login was invalid. MFA code screenshot

Recover Account vs. Change Password

  • Contact Card > Recover Account button has been added to allow users to recover an account in the event that a user is unable to login. Clicking Recover Account clears the Username, Password, and MFA Code. This will require users to set a new password and set up MFA again. If you wish to only reset the user's password but not the MFA device, you can click the Reset Password/Change Password button. Note that Change Password is only displayed on your contact card.
  • A new system Alert for Login From New IP/Device, this alert will be sent to users who have logged in from a new location or device. A simple email informing the user of the login IP and Device.

Downloading the Authentication App

Users can choose either the Google Authenticator or the Microsoft Authenticator mobile applications.  Follow the links below to download the authentication app that is required to setup MFA.