MFA for endpoints

Identity360 requires MFA to verify logins. Identity360 authentication can be enabled as the primary method for user authentication, protecting the Identity360 portal, enterprise applications, Windows machines, RDP sessions, and UAC prompts. This ensures that only authorized personnel with the correct credentials can access and modify data.

MFA for Identity360 & enterprise applications

MFA assists with safeguarding user accounts and data by requiring multiple forms of verification before granting access to the Identity360 portal and other applications. Admins can enable Identity360 authentication for users as the primary method of verification. If Identity360 authentication is not enabled, the product will use Zoho Accounts authentication.

Prerequisites for authentication through Identity360

  1. It is essential to configure at least one cloud directory—such as Azure AD or Salesforce—as the primary source for enabling MFA during Identity360 portal login. Learn how to set up a directory.
  2. The MFA and SSO license for Identity360 is required to enable MFA for portal login. For more details, refer to License Management.

Steps to enable MFA for Identity360 & enterprise applications

  1. Navigate to the Applications tab and go to Multi-factor Authentication > MFA for Endpoints.
  2. Check the Enable option to enable MFA for Identity360 & enterprise applications.
  3. Choose the first-factor authentication from the drop-down menu.
  4. Select the number of authentication factors for multi-factor authentication from the drop-down menu. Refer to the Authenticators Setup page for the list of supported authentication methods, and how to configure them.
  5. Choose the authenticators from the Choose Authenticators drop-down menu.

MFA for Windows machines

Identity360 offers MFA designed specifically for the Windows operating system. Users attempting Windows interactive logins, RDP sessions, or actions that trigger UAC prompts must complete a secondary authentication step, which strengthens the security of these access points. This ensures that only authorized personnel with the right credentials can make significant changes to the system or access the data stored on it.

Prerequisites for enabling MFA for Windows logins

  1. Identity360 MFA supports Azure AD-joined devices and Azure AD hybrid-joined devices. Hence, it is essential to configure Azure AD in Identity360 to ensure seamless and secure MFA on your Windows devices. Learn how to set up Azure AD in Identity360.
  2. Identity360's MFA and SSO license is required to enable MFA for Windows login.
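
| Actions           | AAD-joined devices | AAD hybrid-joined devices |
|-------------------|--------------------|---------------------------|
| Interactive login | Yes                | Yes                       |
| Unlock            | Yes                | Yes                       |
| UAC               | Yes                | Yes                       |
| RDP server        | No                 | Yes                       |
| RDP client        | No                 | Yes                       |
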
Note: Azure registered devices are not supported as of now.
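
Because the supported actions depend on how a device is joined, it is worth checking the join state before rolling out the agent. The PowerShell below is an added example and not part of the Identity360 documentation: it reads the AzureAdJoined, DomainJoined, and WorkplaceJoined fields from dsregcmd /status output and looks up the table above. The function names and the sample text are constructed for illustration.

```powershell
# Constructed sample of the relevant dsregcmd /status fields.
# On a real endpoint use: $text = dsregcmd /status | Out-String
$sample = @"
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
           WorkplaceJoined : NO
"@

function Get-JoinState {
    param([string]$StatusText)
    # Collect "Name : Value" pairs; lines with other shapes are ignored.
    $fields = @{}
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s*:\s*(\S+)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }
    $aad = $fields['AzureAdJoined']   -eq 'YES'
    $dom = $fields['DomainJoined']    -eq 'YES'
    $reg = $fields['WorkplaceJoined'] -eq 'YES'   # Azure AD registered
    if ($aad -and $dom) { 'HybridJoined' }
    elseif ($aad)       { 'AadJoined' }
    elseif ($reg)       { 'Registered' }
    else                { 'NotJoined' }
}

function Get-MfaSupport {
    param([string]$JoinState)
    # Support matrix transcribed from the table on this page.
    $matrix = @{
        AadJoined    = [ordered]@{ 'Interactive login' = 'Yes'; 'Unlock' = 'Yes'; 'UAC' = 'Yes'
                                   'RDP server' = 'No';  'RDP client' = 'No' }
        HybridJoined = [ordered]@{ 'Interactive login' = 'Yes'; 'Unlock' = 'Yes'; 'UAC' = 'Yes'
                                   'RDP server' = 'Yes'; 'RDP client' = 'Yes' }
    }
    if ($matrix.ContainsKey($JoinState)) { $matrix[$JoinState] } else { $null }
}

$state   = Get-JoinState -StatusText $sample
$support = Get-MfaSupport -JoinState $state
if ($null -eq $support) {
    # Registered-only and unjoined devices are not in the supported list.
    "{0}: not listed as supported for MFA for Windows machines" -f $state
} else {
    foreach ($entry in $support.GetEnumerator()) {
        "{0}: {1} = {2}" -f $state, $entry.Key, $entry.Value
    }
}
```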

Steps to enable MFA for Windows machines

MFA configuration

  1. Navigate to the Applications tab and go to Multi-factor Authentication > MFA for Endpoints.
  2. Enable MFA for Windows machines by selecting the Enable option.
  3. Select the number of authentication factors from the drop-down menu available. Refer to the Authenticators Setup page for the list of supported authentication methods, and how to configure them.
  4. Choose the authenticators from the Choose Authenticators drop-down menu.
  5. In the Advanced Settings section, configure Windows actions such as RDP, UAC, machine logins, and other settings.

IDSecurity Agent deployment

  1. IDSecurity Agent should be installed on the necessary devices to enable MFA for endpoints. Learn how to install the agent manually.
  2. For bulk installations, explore comprehensive installation guides, including:

IDSecurity Agent Installation Key

The Installation Key authorizes the IDSecurity Agent to securely communicate with Identity360.

Steps to regenerate the Installation Key

If the current Installation Key is compromised, regenerate it using the link in the Identity360 admin portal. Follow these steps to regenerate a key:

  1. Log in to the Identity360 admin portal.
  2. Go to Applications > Multi-factor Authentication > Install IDSecurity Agent > Step 2 > Regenerate.
  3. After generating a new Installation Key, copy the command along with the new Installation Key from the Identity360 admin portal.
  4. Update the Installation Command field with the new command for all new installations.
Note:
  • Please treat the Installation Key like a password. It is sensitive information and must not be shared.
  • The generation of a new Installation Key will not affect the existing installations of the IDSecurity Agent on installed machines.

Copyright © 2024, ZOHO Corp. All Rights Reserved.