Support for time-based two-factor authentication for Fedramp compliance

Steps

MaaS360 reinforces security by adding a time-based two-factor authentication support for portal administrators to meet the requirements of US Federal Risk and Authorization Management Program (FedRAMP). With this support, administrators must use a time-based one-time passcode in addition to their login credentials for authentication. In the previous releases, MaaS360 supported OTP via email and SMS.

MaaS360 supports the following apps to generate a passcode for two-factor authentication:

• Google Authenticator
• IBM Verify
• Microsoft Authenticator

Two-factor authentication setup

To enable time-based two-factor authentication,

1. Navigate to Setup > Settings > Administrator Settings> Advanced.

2. In the Configure Settings section, select Configure Strong Authentication> Two-Factor Authenticationand then select Use Time-based Passcode.

Result: The time-based two-factor authentication is enabled.

Two-factor authentication for login

When the two-factor authentication is enabled, the administrators must use a passcode in addition to their login credentials for authentication. 

To log into MaaS360 account using the two-factor authentication password,

1. In the login page, authenticate using administrator username and password.

Result: The 2 Factor Authentication page is displayed. An email is sent to the administrator that consists of steps to configure two-factor authenticator app and a QR code.

2. Configure the supported app (IBM Verify, Microsoft Authenticator, or Google Authenticator) and scan the QR code generated in the email to generate a passcode.

3. Provide the passcode on the 2 Factor Authentication page and click Continue.

Result: Administrator successfully logs into MaaS360 application.