Implementing two-factor authentication (2FA) for logging into Office 365 is one important puzzle piece in utilizing the cloud without compromising security. “There are also many advantages to choosing an easy-to-use and versatile 2FA solution,” says Johan Nylén, partner solutions architect at identity and security company Nexus Group.
Organizations increasingly move from on-premises applications to cloud applications. Microsoft Office 365 is one example of a popular cloud application that has quickly gained more users.
“Most organizations have critical resources and confidential information in Office 365, which must be protected from unauthorized access. You also have to consider local and international data protection laws and regulations. This means that login with only passwords is not a secure enough solution,” says Nylén.
Using Active Directory identities
There is a wide range of 2FA solutions available, and there are several factors to consider when choosing the right one for your organization.
“First of all, the 2FA solution should not require managing or synchronizing user passwords in the cloud, since that can compromise security. It also adds onto the administrative burden,” says Nylén.
The 2FA solution should also allow you to use identities from your local Microsoft Active Directory, since that will make your life a lot easier.
Watch webinar: How 2FA in Office 365 works
Login via a user-friendly mobile app
“But even more importantly, the solution should make your users’ lives easier. Way too many 2FA solutions don’t – the users find them clunky, irritating and burdensome,” says Nylén.
To be user-friendly, a 2FA solution should support login via a mobile app.
“An app is not the best 2FA method for all users or situations, so it’s important that your 2FA solution support other login methods too, such as PKI cards. But in most cases, a mobile app is the preferred solution,” says Nylén.
It is of course also important that the mobile app is truly user-friendly. The four most important aspects of this are: an intuitive and attractive user interface, push notifications for authentication requests, support for login with Touch ID and other fingerprint readers, and support for Face ID.
Ability to support new login methods
“But a user-friendly and secure mobile app will of course probably not be the preferred 2FA method forever. Technology evolves quickly, so you better make sure that your 2FA solution is future-proof and able to support new login methods as they are developed, and as the needs of different user groups change,” says Nylén.
Benjamin Zeuner, product owner of Nexus’s login platform Hybrid Access Gateway, agrees. He also points out that another very important factor for making a 2FA solution user-friendly is making it your only solution.
One 2FA solution for all types of resources
“Some organizations don’t think about this; they get a really user-friendly 2FA app for Office 365 – but it only works for Office 365. Then they get another 2FA solution for one of their local applications, a third for Salesforce, and a fourth for some other service. Having to juggle several different solutions is not popular among users – and it’s also a hassle to administer,” says Zeuner.
Thus, you have much to gain by choosing a 2FA solution that can be used for many different types of digital resources, independent of vendor – and regardless of whether the applications are local or cloud based.
Download our whitepaper: “How to implement two-factor authentication (2FA) to Office 365 with Nexus Personal Mobile”.
Support for all types of users
“To make your own life easier, the solution should also preferably support all types of users, no matter if they are internal or external,” says Nylén.
This can be a bit tricky, since most 2FA solutions don’t support external identities, such as Swedish BankID, Telia and SITHS.
“But it’s a very worthwhile feature, especially since the use of external identities are expected to grow a lot in countries where today they only play a minor roll. One reason for this expectation is the EU regulation eIDAS, which will take effect in 2018,” says Nylén.
In the meantime, it is a good idea to choose a solution with which you also can issue your own electronic identities to your external users.
Log in once to reach all digital resources
“The bottom line is that your users don’t notice if you have one login platform for internal users and one for external users – but you sure do,” says Zeuner.
Something the users do notice is if the solution supports single sign-on (SSO) or not, according to Lloyd Rodrigues, local technical product owner for Nexus’s products.
“Instead of logging in first to Office 365, and then to your project management system, and then to a third system, SSO lets your users log in once to reach all digital resources you protect with the 2FA solutions. Obviously, users love this,” says Rodrigues.
It is also preferable if the 2FA solution has a portal where all the local applications, systems and cloud services that are available to a user are gathered, so that the user easily can find them.
Integrate with your identity management system
One last reason why you are better off if you choose a truly easy-to-use and versatile 2FA solution is that you are able to integrate the 2FA solution with your identity management system.
“This makes it super easy and secure to enroll new users, revoke access rights, block credentials, change PINs, and so on, no matter if you use mobile apps, PKI cards or other 2FA methods,” says Nylén.
He has worked with a range of different 2FA solutions during his career, and is now spending most of his time helping organizations and partners get going with the Nexus 2FA solution.
Technical documentation available online
“It’s a blessing to work with a solution that fulfills all of the criteria for a truly easy-to-use and versatile 2FA solution. It’s also great that we have all the documentation needed to implement the solution and integrate new applications available online on Nexus Documentation – this makes everybody’s lives easier,” says Nylén.
The Nexus 2FA solution – the login platform Nexus Hybrid Access Gateway and the mobile app Nexus Personal Mobile – is a part of the Nexus Smart ID solution.
“The Smart ID solution includes identity management and a range of other functionality. It enables your users to identify themselves visually, log in, open doors, sign transactions, make payments, and use follow-me printing – with one single Smart ID,” says Rodrigues.