We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Cloud Control
Overview Documentation Materials

Understanding Multi-Factor Authentication in Barracuda Cloud Control

  • Last updated on

Multi-factor authentication (MFA), also known as two-factor authentication, is a security feature that requires two forms of authentication to access Barracuda Cloud Control. When enabled, MFA provides an extra layer of security to your account. Even if the user's login credentials are stolen, without the trusted device, the attacker is unable to access the account. And if the user's device is taken, the attacker cannot access the account without the login credentials.

For security purposes, Barracuda Networks recommends that users lock their multi-factor authentication (MFA) enabled devices with a personal identification number (PIN).

Administrator-Enabled MFA

MFA is Optional by default, allowing the account administrator to determine whether to enable MFA through the Admin > Options page:

  mfa_required.png

When enabled, all users associated with this account (or accounts that administer it) are required to log in using MFA.

When set to Required, you are immediately required to configure MFA.

Authentication

When MFA is enabled, users are sent an email to inform them that they are required to use MFA, including mobile device requirements and instructions on installing the Barracuda Cloud Control iOS app, the Google Authenticator, or Duo Mobile authentication tool. When the user attempts to log in, in addition to their login credentials, they are prompted to enter a secondary token in the Authentication Code field:

user_login.png

To access the secondary token, the user enters their login credentials, and then clicks Sign In. The user is then presented with the Secret Code and barcode on the Home > My Profile page:

my_profile.png

mfa_auth.png

The user can either copy the Secret Code and paste it into the Authentication Code field on the login screen, or using Barracuda iOS Mobile app, Google Authenticator, or Duo Mobile on a mobile device, scan the barcode presented on-screen. A one-time login token, also known as a time-based one-time password (ToTP), generates. The user enters the one-time generated ToTP in the Authentication Code field on the login screen, along with their login credentials, to access Barracuda Cloud Control. Because the ToTP regenerates every 30 seconds, the user must enter the code immediately. If the user enters an expired login token, authentication fails and the user must regenerate and enter a new ToTP. 

Users can shake the device even when logged out of the application to get a list of MFA tokens configured through the application.

User-Enabled MFA

When Multi-Factor Authentication is set to Optional, users can select whether to use MFA when logging into Barracuda Cloud Control using the settings on their Home > My Profile page, located under their username.

For more information, refer to Adding MFA Devices in Barracuda Cloud Control.

 

 

Last updated on