This article explains how the MFA(Multi Factor Authentication) works in the Adonis Cloud

Content in this article

1 Introduction
2 Logging on with MFA
- 2.1 Selecting another MFA method than the default
3 Choosing/Registering the MFA methods to use
- 3.1 Register for multiple methods(recommended)
- 3.2 Register your desired MFA methods
4 Registering for a specific MFA methods
- 4.1 Change or modify your registered MFA methods

Introduction

In today’s world, only using a username and password is no longer considered secure. Passwords may be guessed, or virus/malware may log keystrokes and send them to the malware author (or another place).

Previously, frequent password changes have been used to address or limit the impact of username/password combinations in the wrong hands, as it reduces the time they are valid and can be used. Frequent password changes often result in the users choosing a weaker password or using repeating patterns when choosing the password(which again may be more easily guessed). Frequent password changes do not protect against misuse while the password is still valid.

To address this, multifactor authentication (often called 2-factor authentication - 2FA) is implemented. The factors are divided into 3 categories

Something you know (like username and password or an answer to a question)
Something you have (like a cell phone, a mail account, a smartcard, or a physical key)
Something you are (Facial recognition, fingerprint, iris scan)

With 2FA, you have a factor from 2 of these 3 categories. With MFA you have a factor from at least 2 of these 3 categories.

For instance, if the 2FA is based on a cell phone and a password, it is not enough to steal your cell phone or know your password to gain access. Both are required, which is much less likely to happen.

Logging on with MFA

Please see instructions below for how to sign-up for your chosen MFA method.

If you have a username/password as the primary authentication and a code either from the authenticator app or sent by SMS or mail, the login process will be as follows in this chapter.

Connect to the Adonis Cloud as described in the document How to connect to Adonis Cloud
Enter your Adonis Cloud account username.

Enter your password.

Add the code from the Authenticator app, or that you received on SMS or mail (all depending on the MFA method you have chosen to use, which is based on entering a code)

Selecting another MFA method than the default

If you for this login rather want to use one of the other MFA methods you have registered for(than the default one):

Click the “Sign in another way“ link.

This will list the MFA methods that are currently available for you to use.

In this example, I have registered to use and can choose to either

Wse a verification code from the authenticator app.
Or I can receive an SMS with a code to the cell phone I have registered with that ends with the 2 digits shown after the “+xx xxxxxx”.
Or I can be called on one of the 2 phone numbers I have registered to use (identified by the 2 last digits after “+xx xxxxxx” on each item).

Choosing/Registering the MFA methods to use

Available authentication methods are

Windows Hello for Business (primary, secondary MFA)
Microsoft Authenticator App (primary, secondary)
FIDO2 security key (primary, secondary MFA)
OATH hardware tokens (secondary)
OATH software tokens (secondary)
SMS (primary, secondary)
Voice call (secondary)
Passwords (primary)

“Primary” can be used for primary authentication, “secondary” can be used for secondary authentication, “secondary MFA” can be used for secondary authentication only for MFA not for self-service password reset

Register for multiple methods(recommended)

We recommend that you register for several MFA methods that you can use. This way, in case there is an issue with your preferred MFA method, you may choose to use one of the other MFA methods you have registered for. For instance, if your preferred method is based on your cell phone, and you have forgotten your cell phone or it is damaged, you may still be able to log on using one of the other MFA methods you have registered for that is not depending on this cell phone (for instance mail to a mail account you have chosen to use as a factor for your MFA).

A typical registration would be to use a password as the primary authentication and Microsoft Authenticator App for secondary authentication.

Register your desired MFA methods

Start to log on to your Adonis Cloud account with your username and password. You will be presented with a window that requests more information.

Click Next.
Choose the MFA method you would like to use

Follow the instruction on the screen specific to that MFA method.

Registering for a specific MFA methods

Change or modify your registered MFA methods

Open an incognito(in-private) window in your web browser.
Go to https://mysignins.microsoft.com/security-info

Click “+ Add sign-in method” to add a new MFA method.
Click “Change” on one of the methods to change that registered method's setup.
Click “Delete” on one of the methods in order to remove the use of that method.
Click “Change” on the default sign-in method, to change which sign-in method is the default one.

Knowledge Base

Adonis Cloud MFA(Multi Factor Authentication)