How Do I Set Up MFA: CW Automate Best Practices

How Do I Set Up MFA: CW Automate Best Practices

Since the release of ConnectWise Automate version 2020.1 in January of 2020, multi-factor authentication (MFA) has been enabled by default for all users not setup to use single sign-on (SSO).  In an increasingly hostile online environment, adding more security measures is never a bad business decision.  

The simplest way to utilize MFA within Automate is to ensure that each user has an email address associated with their account. When attempting to log in, a verification token will be sent to the user’s email address and then will expire after 5 minutes. The user can then enter that token on the login screen to access Automate. 

The MFA setup we prefer, and would consider best practice, is a third-partygoogle authenticator add authentication solution like Google Authenticator or Duo. These solutions provide a higher level of security because they are tied to a user’s device, not an account, and the MFA code changes every 30 seconds. Both authenticators have supported third-party plugins that can be downloaded from the solution center for free.  

Once installed, you can find the configuration settings in the system dashboard under the Config > Integration tab. Here you can enable MFA system wide or on a user-by-user basis. Once it has been enabled, it will send all selected users and email to setup the MFA code in their respective smartphone app. Now when trying to login, users will enter the MFA code that their Authenticator app displays instead of an emailed code. 

scn_cc_dashboard_config_integration_tab.png

Should someone ever lose or change devices that they used for Google Authenticator or Duo, there is a quick fix. Back in the configuration settings, you can resend the authenticator credentials email for any user that needs the MFA codes on a new device. 

For businesses that are using the SSO service, this can be setup with CW proprietary MFA or other third-party authentication providers like Azure. This can be setup through ConnectWise Home and will enable MFA across the whole lineup of integrated ConnectWise services. 

As always, If you are looking to learn more on all things CW Automate best practices ProVal Tech has got your back: ConnectWise Automate Consulting!