MFA for Cloud Applications
Why you need MFA for your Cloud Applications
Cloud applications can be accessed from anywhere through a simple browser on a laptop, a tablet, and even a smartphone. This is extremely convenient. The downside is that anyone finding (i.e guessing, hacking, eavesdropping, phishing…) a valid user password has a complete access to that user account and to all the information contained in that account (documents, transactions, customer contacts …). Someone taking over a user account can also impersonate that user, fool his contacts, and make transactions on his behalf. Ouch.
As a domain administrator or a security professional, you have two options: ask users to change their passwords very often and to use complex passwords such as d0*#g17!bk. Or use a frictionless 2FA solution adding a layer of security that defeats attackers, even if they know the user password. With 2FA, passwords can be much simpler, without risk. Guess which option users prefer, and which one you can realistically expect them to use.
Does inWebo MFA work for my Cloud Applications?
Most certainly. Over the years, our partners and our customers have implemented inWebo 2-factor solutions with Cloud applications, including Slack, Box, Office 365, Salesforce, G Suite, Webex, DocuSign, NewRelic, and probably many more we’re not even aware, since our SAML 2.0 connector works out-of-the-box.
inWebo 2FA for Cloud Applications
At sign-in to a cloud application account with inWebo 2FA, the legitimate user has to confirm that she initiated the access request. This can be done by entering a one-time code received in a short-text or generated with the inWebo Authenticator App or, more conveniently, simply by confirming the access request in the inWebo Authenticator App or even in the browser where the connection takes place, making the whole process frictionless even for users who don’t have a work phone (see inWebo 2FA options for more details).
How to implement 2FA for Cloud Applications
It’s quite straightforward:
- First, create an inWebo account for your organization (you can start below).
- Then, configure both this account and your cloud application domain to trust each other. Most, if not all business applications support SAML 2.0, therefore you can configure your domain as a SAML2.0 Relying Party (RP) and your inWebo account as a SAML 2.0 Identity Provider (IdP). Here’s a specific example of how to do that for Salesforce.com, but it’s basically always the same. Alternatively, if you have federated your cloud applications using an IAM (Identity and Access Management) or a SSO (Single Sign-On) solution such as Ping, Forgerock, ADFS, Shibboleth, Gluu or others, then you should configure this IAM or SSO solution as the Relying Party instead (see the page 2FA for IAM).
- Finally, adjust the authentication policies and user on-boarding rules from the inWebo administration console.
There’s no server or proxy to install and configure, therefore you will save 2 days for other projects. Also, since SAML 2.0 works with a browser redirection, the sign-in page is provided by inWebo and we made sure to design this page to automatically support the authentication methods that you authorize from the administration console. Finally, please note that our pre-sales and support engineers are here to help if you face any difficulty.
Google Authenticator or inWebo MFA?
Tough question. However, here are the 2 main reasons why you should prefer the latter over the former:
- Vendor lock: inWebo MFA is more universal and supports a lot more applications. Not only other SaaS applications (including Office 365, G Suite), but also VPN, remote access, SSO, CMS, Windows Logon…
- Convenience: inWebo MFA uses cellphones and smartphones (SMS OTP, offline OTP, push OTP), but also browsers, thus making the whole process frictionless, including for users who don’t have a work phone.
It’s your turn. You may
- Sign up for free for a basic account (15 user licences) and start implement inWebo MFA for your cloud applications(s). You’ll be able to upgrade this account at any time to get more licences or options. Nothing to lose but an item on your to-do-list.
- Evaluate inWebo for free and without commitment for 30 days. This sounds like the procrastinator package but actually MFA is a serious topic and no one will blame you for taking your time to make sure that inWebo is the right fit. Note that we have project management, consulting, and integration partners trained in our solutions whom you can ask for an evaluation and a PoC.
- Request a customized demo. We’ll be happy to show and explain the basics of our solution and answer your questions.