Enforcing Multi-Factor Authentication
Note
If you are having trouble creating a new Megaport account, or logging in to an existing account, see Megaport Portal Authentication FAQs.
This topic describes how a Company Admin can make it mandatory or optional for users to log in to the Megaport Portal with Multi-Factor Authentication (MFA). It also describes how to reset MFA for your users, and how to review the MFA status of all users in your company.
About Multi-Factor Authentication
There are various security risks associated with identity-facing businesses. Employees using weak passwords, or the same passwords for multiple accounts, can leave organizations vulnerable to breaches and cyber criminal activity. Multi-Factor Authentication (MFA) can help organizations deal with these issues. It makes life easier for employees, allowing them to more easily manage their different accounts securely. It also gives administrators greater visibility and control over identity management, and helps organizations achieve legal compliance with data regulations.
MFA is an authentication method and security system that ensures all of your business accounts require more than one verification factor before they can be accessed, for example, a username and password plus a code from an authentication app. MFA is a core component of a strong identity and access management (IAM) policy, and provides an extra level of security for your Megaport Portal account. We recommend that you use the Google Authenticator app when securing your accounts with MFA.
Each user enables MFA for their Megaport Portal login, where required. They should install a login verification app (such as Google Authenticator) on their digital device (phone, tablet, computer, and so on). When users log in, they check the login verification app for the token or code that they need to enter as the additional factor.
When you enforce MFA as a Company Admin, your users must enable MFA on their login, if not already set up. They will not be able to log in to the Megaport Portal until they do so. MFA can also be set to optional globally for your company. In this situation, users have the option of using MFA or not when they log in to the Megaport Portal. For more information on enabling MFA for your user account and logging in, see Managing Your User Profile and Logging in to the Megaport Portal.
Note
We do not recommend accessing Megaport APIs using MFA with a username, password, and token. Although this is technically possible, API keys are the preferred authentication method for Megaport APIs. If you currently have any user accounts being used for API access, we recommend changing these to API keys before enforcing MFA. For more information, see Creating an API Key.
MFA benefits
The main benefit of MFA is that it enhances your organization’s security by requiring your users to identify themselves by more than a username and password. By themselves, usernames and passwords are vulnerable to cyber attacks and can be stolen by third parties. Enforcing the use of an additional verification factor such as a code from an authentication app increases the ability of your organization to remain safe from attacks from cyber criminals.
Full benefits of MFA include:
- Improved security
- Protection against unauthorized account access if credentials or devices are stolen
- Regulatory compliance
MFA and Single Sign-On (SSO)
MFA provides additional security to reduce the possibility of unauthorized access through stolen credentials, by requiring multiple authentication factors. SSO allows organizations to simplify and strengthen security because users can access all connected services with a single login. Both SSO and MFA can be set up and used together in the Megaport Portal to improve security.
Who can enforce MFA globally for an account?
To enforce MFA globally for an account, you must be a user with the Company Admin role within the account.
Important
- Before implementing MFA, make sure to prepare all users associated with your Megaport account by communicating what MFA is, why they need to select a verification method, and whether MFA is optional or required.
- Because enabling MFA can introduce new administrative responsibilities to support users, we highly recommend that you assign a minimum of two Company Administrators to help users troubleshoot and resolve authentication issues quickly.
- Megaport Support cannot reset MFA tokens on the customer’s behalf. Company Administrators will need to manage tokens.
These rules apply for the different types of Megaport Portal accounts:
Account Type | Who Can Enforce MFA? |
---|---|
Direct | A Company Admin user can enforce MFA globally or make it optional. |
Partner | A Company Admin user can enforce MFA globally or make it optional for their own partner account. A Company Admin user can enforce MFA globally or make it optional for any of their managed accounts. Note: Changing the MFA setting for one managed account does not impact any other managed accounts. |
Managed | A Company Admin user can enforce MFA globally or make it optional for their own account. Note: Partners can change this setting if they are a Company Admin. |
Making MFA mandatory for users
As a Company Admin, changing your company’s global MFA preference from optional to enforced ensures that all users accessing your company in the Megaport Portal have MFA enabled and are securely logging in.
When you enforce MFA and make it mandatory, all of your users must enable MFA on their account login. They will not be able to log in to the Megaport Portal until they do so. Users who have not enabled MFA will be taken to a screen to set up MFA on their next login attempt. For more information on enabling MFA on your user account and logging in, see Managing Your User Profile and Logging in to the Megaport Portal.
To make MFA mandatory for users
- Visit the Megaport Portal and log in.
- Choose Company > Security Settings, then select Multi-Factor Authentication.
- Click the slide button to ON.
  A message is displayed stating that all users of your company will be asked to set up MFA during login.
- Click Save.
MFA is now set to ON and enforced globally. After MFA has been enforced, you need to supply a valid token from the authenticator app every time you log in to the Megaport Portal, in addition to your email and password.
Making MFA optional for users
When you make MFA optional for your users, they can continue to log in to the Megaport Portal with MFA if they were already doing so, or can choose not to log in using MFA.
Note
Optional (OFF) is the default MFA setting; however, MFA might have been enforced for your company at some stage. This task assumes that MFA is currently enforced (ON) and you want to change the setting back to Optional (OFF).
To make MFA optional for users
- Visit the Megaport Portal and log in.
- Choose Company > Security Settings, then select Multi-Factor Authentication.
- Click the slide button to OFF.
  A message is displayed stating that MFA can still be enabled on a per user basis.
  This does not change the MFA status for individual users. If a user already has MFA enabled, then it will continue to be enabled after this change.
- Click Save.
MFA is now set to OFF.
Resetting MFA for your users
The MFA setting of individual users can be reset. As a Company Admin, you might need to do this so that a user can enroll a new device. This disables the previous MFA code and the user will be asked to enable MFA again the next time that they log in to the Megaport Portal.
You can reset MFA for your users if:
- Global MFA is enforced
- Global MFA is optional, but the user has MFA enabled
- The user has previously set up MFA
To reset MFA for a user
- Visit the Megaport Portal and log in.
- Choose Company > Manage Users.
- Click (Edit) for the required user.
- Click Reset in the Multi-Factor Authentication area.
  A confirmation prompt is displayed. The user account for which you are resetting MFA must be a real user and not set up for any automated process, because the user will need to log in again and enable MFA for the account.
- Click OK.
- Click Close to close the Edit User screen.
The next time that the user logs in to the Megaport Portal, they will need to enable MFA again. For more information, see Logging in after MFA has been reset for your profile.
Reviewing the MFA status of your users
As a Company Admin, you can view the roles and MFA settings of all users in your company. This allows you to quickly review the MFA status of all users in your company.
These MFA options are displayed:
- Optional/Set – The global company MFA setting is Optional and the user has MFA enabled.
- Optional/Not Set – The global company MFA setting is Optional and the user does not have MFA enabled.
- Enforced/Set – The global company MFA setting is Enforced and the user has logged in and successfully enabled MFA for their account.
- Enforced/Not Set – The global company MFA setting is Enforced and the user has not logged in and completed their MFA setup, or has initiated login but did not successfully complete the MFA setup, in which case they will be shown the MFA setup screen until successfully enabling MFA for their account.
To review the MFA status of your users
- Visit the Megaport Portal and log in.
- Choose Company > Manage Users.
- The Role column shows the role that the user has within the company, and the MFA column shows the MFA status of the user’s account. Click the up and down arrows next to the column name to sort by user role or MFA status.