Enable Multi-Factor Authentication (MFA)

ErikT · ‎05-31-2021

TL;DR-Sweepy-Icon (1).png
This page explains how you can increase security by enabling Multi-Factor Authentication (MFA) for your account and your Lansweeper Site.

To increase the overall security of your Lansweeper Site, it is possible to enable Multi-Factor Authentication (MFA). This additional security layer on top of your regular login will further protect your asset and user data stored in Lansweeper Sites.

There are two ways to implement MFA; you can enable SSO in Lansweeper Sites, and use the MFA options made available by your identity provider, or you can use Lansweeper Sites' MFA configuration.

If you've enabled both MFA through Lansweeper Sites, and SSO for your domain along with the MFA options in your Identity Provider (IdP), you will need to provide a one-time password (OTP) generated by your authenticator app twice when using SSO to log in: one OTP will be used for the MFA in Lansweeper Sites, and another OTP will be used for the MFA in your identity provider.

Enable MFA through SSO

By enabling SSO, you can log into Lansweeper Sites using your preferred identity provider, for example Azure Active Directory. You can then enable and enforce MFA through your identity provider, ensuring a seamless login process.

For a detailed guide on configuring your SSO for Lansweeper Sites, check out Set up Lansweeper SSO.

Enable MFA through Lansweeper Sites

If you don't want to enable MFA through SSO, you can also enable MFA in Lansweeper Sites itself. MFA can be enabled on an account level, and your Site can be configured to require MFA.

This article explains how to enable MFA for your individual account, and how to enforce it for your entire site.

Make sure to enable Multi-Factor Authentication for your individual user account before enforcing it for your Site.

Enable Multi-Factor Authentication for an individual account

Before enabling MFA, make sure to have an authenticator app such as Microsoft Authenticator or Google Authenticator installed on your mobile phone.

To enable MFA for the logged-in account:

Go to the Settings > Account settings.
Toggle Multi-Factor Authentication. A QR code will be presented that you can scan with your preferred authenticator app.
After scanning the QR code, the account will be added to your authenticator app and a Time-based One-Time password (TOTP code) will be generated by the app.
Fill in the TOTP code presented by the app underneath the QR code and continue.
A new window will show your recovery key. Make sure to save the recovery key in a safe place.

MFA is now enabled for your account. In addition to your regular credentials, you will now be asked to generate a TOTP code with the authenticator app when logging in.

Alternatively, you can use your recovery key to log in. If you log in with a recovery key, a new key will be generated to replace the previous one.

Enforce Multi-Factor Authentication for all accounts linked to a Site

To enforce MFA for all accounts that have access to your Site:

Go to Configuration > Site settings.
Toggle Multi-Factor Authentication.
Select Confirm in the pop-up window.

MFA will now be enforced for the Lansweeper Site. Any user trying to access the site will be forced to enable MFA before getting access. Each user can configure MFA in their own account settings as explained earlier in this article.

Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.