What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. In CAKE, the first form is the username and password, and the second form is the unique code generated by an application on the user's mobile device. MFA is only for employees of the CAKE network, not for partners like Affiliates, Advertisers, or Buyers.
Multi-Factor Authentication Best Practice and Setup
Downloading the Authentication App
Users can choose either the Google Authenticator or the Microsoft Authenticator mobile application. Follow the links below to download the authentication app that is required to set up MFA.
- Google Authenticator
- Microsoft Authenticator
Best Practices for rolling out MFA for your network
Before you enable the Enable Multi-Factor Authentication setting, it's best practice to execute the steps below in the
- Download the Authenticator app on your mobile device.
- Establish an internal release date.
- Communicate that all employees must download the mobile application before the internal launch date. Note: the communication should be focused on employees, since Affiliates, Advertisers, and Buyers are not impacted by the Enable Multi-Factor Authentication setting.
- Enable the Enable Multi-Factor Authentication setting on the internal release date.
Upon the next login attempt, all employees will be prompted with the Setup MFA Code Screen.
- Scan the image with the Mobile App on your phone
- Enter the 6-digit code from the mobile application
- Click the Submit button
- You should be logged in successfully
- You have successfully set up MFA for your account!
All employee contact login attempts moving forward will require the 6-digit code after the username and password are entered.
If you are redirected back to the login screen, that means that either the username-password combination or the MFA code is not correct. The user will be redirected back to the login page with an invalid login message. The username, password, and MFA code must all be correct in order to log in once the global setting has been enabled.
Enable MFA
Once you enable Multi-Factor Authentication, users will need to use the second form of authentication to log in to your CAKE instance. Please be sure to let all employees know prior to enabling this feature, as it will force users to set up MFA on their mobile device.
- Setup MFA Code Screen is only displayed to users who have not set up MFA yet. This screen is displayed after they have provided their username and password. If either the username and password or the MFA code is incorrect, the user will be redirected back to the login screen with a generic message saying the login was invalid.
Provide MFA Code
- Provide MFA Code Screen is displayed to users who have successfully set up MFA for their account. If either the username and password or the MFA code is incorrect, the user will be redirected back to the login screen with a generic message saying the login was invalid.
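Google Authenticator and Microsoft Authenticator both generate RFC 6238 time-based one-time codes, so the login behaviour described above (all three values must be correct, and any failure returns the same generic message) can be illustrated as follows. This is an added example, not CAKE's code: the page does not document CAKE's server-side implementation, and `totp`, `login`, `USERS` and the sample account are hypothetical.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, 30 s step, 6 digits)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account. The secret is the published RFC 6238 test key.
# A single shared salt keeps the example short; use one salt per user in practice.
SALT = b"constructed-salt"
USERS = {"alice": {"pw": hash_password("correct horse", SALT),
                   "secret": base64.b32encode(b"12345678901234567890").decode()}}
# Stand-in record so unknown usernames go through the same checks.
_DUMMY = {"pw": hash_password("dummy", SALT),
          "secret": base64.b32encode(b"dummy-key0").decode()}

def login(username, password, code, now=None):
    """Return "ok", or the single generic "invalid login" for any failure."""
    now = time.time() if now is None else now
    user = USERS.get(username, _DUMMY)
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw"])
    # Accept the previous, current and next step to tolerate phone clock drift.
    code_ok = False
    for drift in (-1, 0, 1):
        expected = totp(user["secret"], now + drift * 30).encode()
        code_ok |= hmac.compare_digest(expected, str(code).encode())
    # Every factor is evaluated before deciding, so the response never
    # reveals whether the username, the password or the code was wrong.
    return "ok" if (username in USERS and pw_ok and code_ok) else "invalid login"
```

A production verifier would also reject a code that has already been accepted within its validity window and rate-limit failed attempts.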
Recover Account vs. Change Password
- Contact Card > Recover Account button has been added to allow users to recover an account in the event that a user is unable to log in. Clicking Recover Account clears the Username, Password, and MFA Code. This will require users to set a new password and set up MFA again. If you wish to only reset the user's password but not the MFA device, you can click the Reset Password/Change Password button. Note that Change Password is only displayed on your contact card.
- There is a new system Alert for Login From New IP/Device. This alert will be sent to users who have logged in from a new location or device. It is a simple email informing the user of the login IP and device.