Single Sign-On (SSO) solutions offer a comprehensive and secure method for managing user authentication. However, these solutions can be complex and costly to implement, making them less accessible to small and medium-sized businesses (SMBs) or individual users who may not have the resources or need to adopt an enterprise SSO system. As a result, these users remain vulnerable to the increasing risks associated with single-factor authentication methods.
To address this security gap and to provide flexible security options, we now offer Multi-Factor Authentication (MFA) for those who do not wish to implement enterprise SSO. By providing an accessible and cost-effective alternative, we can enhance account security, improve data protection compliance, reduce the likelihood of unauthorized access, and offer a more inclusive security solution for everyone, regardless of their size or technical capabilities.
Enabling multi-factor authentication means that Cascade will now ask for a code, in addition to your email and password, while authenticating. This code will be generated by an authenticator app like Duo, Authy, Microsoft Authenticator, etc., that you can install on your phone.
Please note that we support all standard mobile devices for enrolment that allow capturing of QR codes and are able to run an Authenticator app such as Microsoft Authenticator, Google Authenticator, Authy, etc.
Only "Admins" can enable MFA for your workspace from the Admin > Workspace settings tab. Once enabled, it will be active for all the users in that workspace.
From the Profile picture/initials, click Admin > Security tab. Toggle the button against MFA to enable MFA, and you'll see a prompt "MFA enabled successfully".
Once MFA is enabled in a workspace, the next time a user tries to log in (social logins or using credentials), Cascade will check their enrollment status and, if they are not enrolled, prompt them to set up MFA using a compatible device or application. That is, after you provide your email address and password, it will show a QR code for scanning.
The first time, you need to download and install an authentication app like Microsoft Authenticator, Authy, Google Authenticator, etc., on your phone. Using the app, scan the QR code.
Once the QR code is scanned, you'll see the one-time password (OTP). Now, type the OTP, and click Continue to log in.
The next time you log in, you'll simply need to enter the new automatically generated code that appears on the authentication app. Every 30 seconds the code will renew itself, so make sure to enter it quickly.
Checking the "Remember this device for 30 days" option lets your browser remember your authentication information for a 30-day period, and you will not be prompted to enter the OTP until then.
If you wish to disable MFA, you can toggle the button against MFA to disable it. It'll be disabled for all the users in that workspace. You can then continue to log in the usual way without having to enter an OTP for authentication.
FAQs
Can we enable MFA only for certain users in a workspace?
No, once enabled, it'll be active for all the users in that workspace.
If I'm logging in through social logins, will I still have to go through the OTP authentication process?
2FA or MFA is used no matter the login type. Once enabled it is on for logging in via username/password, social login, SSO, etc.
If a user loses their mobile and cannot authenticate with OTP, how do we reset 2FA for them?
You need to contact us, and we'll reset the authentication for them. They can then do it again from a new device.
Should we enroll MFA with the authenticator app from every browser?
No, this is a one-time activity. If you're logging in from a different browser than the one from which you set it up, or incognito, all you need to do is enter the OTP. Please note that checking the "Remember this device for 30 days" option is specific to each browser.
Having trouble logging in.
If you're having trouble logging in with MFA enrolled in your workspace, please contact us.