MFA for Cloud Applications

Why you need MFA for Cloud Applications

 

Authentication is the only real protection for Cloud Applications accounts, like anything else in your IT that can be accessed online. Organizations have long thought that enforcing complex password policies was enough to protect online accounts but it is now widely accepted that users are better left out of the security equation. MFA is therefore the only efficient way to secure user authentication and in turn, to protect Cloud applications accounts.

How to add MFA to your Cloud applications

There are 2 main ways. If you have federated your Cloud application domain with a Single Sign-On or an Identity and Access Management solution, you should probably configure that SSO or IAM solution to enforce MFA (see here how to do that).

Alternatively you can configure your Cloud application tenant to delegate authentication to an IdP (identity provider) enforcing MFA. As an organization, you can manage that IdP and define its security policies. Depending on the Cloud application, this might be referred to as “activating SSO (single sign-on)”, as “configuring a SAML IdP”, or even as “federating your tenant”.

inWebo MFA for Cloud applications

inWebo works as an identity provider for G Suite. On the user side, this is compatible both with inWebo App-based and browser-based authenticators.

To implement inWebo MFA for one of your Cloud applications, you’ll simply need to create an inWebo account for your organization and to configure both this account and your Cloud application tenant to trust each other using SAML 2.0 (or OpenID Connect that very few Cloud business applications support). There’s no server or additional infrastructure to install and configure. Here is the step-by-step documentation. Our pre-sales and support engineers are here to help if you face any difficulty.

Over the years, our partners and our customers have implemented inWebo MFA with Cloud applications, including Slack, Box, Office 365, Salesforce, G Suite, Webex, DocuSign, NewRelic, and probably many more we’re not even aware, since our SAML 2.0 connector works out-of-the-box.

Google Authenticator or inWebo MFA?

The 3 main reasons why you should prefer the latter over the former:

  • Vendor lock: inWebo MFA is not tied to any application or vendor, it is universal and supports a lot more applications. Not only most applications (including Office 365 and G Suite), but also VPN, remote access, SSO, CMS, Windows Logon. Moreover, with inWebo, users only need one authenticator.
  • Convenience: inWebo MFA supports smartphones as authenticators, but also computers, tablets, and browsers, thus making the whole process frictionless including for users who don’t have a smartphone or don’t want to install IT applications on their personal phone.
  • Administration and security: while it seems pretty easy to add the support of Google Authenticator to a website with a couple of lines of code, a proper and secure administration of MFA for an Enterprise Cloud application is a completely different story. inWebo MFA is a turnkey solution that meets IT organizations’ complex administration requirements, not just a script to verify OTPs.