MFA for Acreto Connect Client - User Guide

Before You Start

What is Multifactor Authentication, and why should you use it?

Two-Factor Authentication (2FA), also referred to in this guide as Multi-Factor Authentication (MFA), is an extra layer of security that ensures people trying to access an online account are who they say they are. First, a user enters their username and password. Then, instead of immediately gaining access, they must provide additional information.

This article explains why you should enable MFA in Acreto.

Prerequisites

The Administrator of your Ecosystem should enable MFA for you.

To get the best user experience with Acreto MFA, you need to download and install Acreto Connect Client.

How To

Step 1: Start the Onboarding Procedure

If MFA is enabled in your Ecosystem, you should receive an invitation email that allows you to set up MFA for your account.

MFA - User profile edition

Click the Accept Invitation button to start the onboarding process. Next, you will see an MFA setup page. Provide the username and password registered with your Identity Provider (Generic LDAP, Azure Active Directory, Windows Server AD, Google Workspace, etc.) and select one of the Multi-Factor Providers to register your multi-factor device.

MFA - Enable MFA in wedge

On this screen, you may also choose the second-factor method: Email or Authentication Application. Both are described in more detail in the next step.

Step 2: Choose the Second Factor

There are two ways of receiving the second factor of authentication: Email and Authentication Application.

Email

  1. If you choose Email as the Multi-factor provider, you receive the auth code as an email message whenever you try to log in.
  2. Enter the token received by email on the Acreto auth page.
  3. Whenever the token expires (generally 24 hours), Acreto will prompt for reconnection, and you will have to provide your username/password and a new token sent via email to reconnect.
  4. Proceed to the next step to finish the onboarding process to Acreto VPN.

One-Time Password

  1. If you choose One-Time Password as the Multi-factor provider, you need to scan the QR code on the screen to register the authenticating device that will receive the token.
  2. Download Google Authenticator or an equivalent app from the App Store on your mobile device.
  3. Scan the QR code on the Acreto page to add the account to the Authenticator app.
  4. The Authenticator app will generate the token after adding the account. Take the token from the Authenticator app and enter it in the token box on the Acreto page.
  5. Whenever the token expires (generally 24 hours), Acreto will prompt for reconnection, and you will have to provide your username/password and a token generated by the Authenticator app to reconnect.
  6. Proceed to the next step to finish the onboarding process to Acreto VPN.

MFA - Scan QR code

Step 3: Complete the onboarding process

  1. After successful authentication, you will be provided with a link to download the VPN configuration.
     MFA - Download Profile
  2. Click the link to download the VPN configuration.
  3. Import the downloaded VPN configuration into the Acreto Connect Client.
  4. Upon successful import, the Acreto VPN will be auto-connected.
  5. Verify your connection by checking Acreto’s ISP.

ACC Connection

From now on, Acreto Connect Client will periodically (usually once every 24 hours) ask you for the second factor.

You must provide the token to keep the connection or establish a new one. Acreto Connect Client will inform you about the need to authenticate by displaying the appropriate window.

MFA - Inactivity timeout

Summary

In an increasingly interconnected and threat-prone digital landscape, Multi-Factor Authentication has emerged as a “must-have” feature for organizations and individuals. By mitigating password vulnerabilities, enhancing security, complying with regulations, and offering user convenience, MFA significantly strengthens access control and protects against unauthorized access and data breaches. Implementing MFA is a proactive step towards bolstering overall cybersecurity posture and safeguarding sensitive information.