At LoginTC, we’ve learned a lot from working with dozens of MSPs each day to help them serve their clients better, and make managing MFA easier on their teams.
Below are some of the common concerns and questions that MSPs have about how best to manage their MFA deployments.
Occasionally, administrators need to login to an end user’s machine or account. Administrators sometimes have concerns that adding MFA will prevent that functionality.
In fact, organizations can implement secure MFA without compromising their ability to assist end users in accessing their accounts.
With LoginTC, administrators are able to see a user’s online and offline bypass codes, making it simple to support users and login on their behalf.
Shared accounts, while not always a recommended best practice, are a common feature at many organizations. Understandably, how best to share MFA tokens is a concern raised with these accounts, but there are secure and simple ways to do this.
Check out the following authentication solutions for shared accounts:
How can end users authenticate without smartphones?
There are many cases where companies are not able to, or do not wish to, provide corporate devices such as phones to employees. Depending on BYOD policies, employees also may not be able to authenticate using their personal smartphones.
Below are some ways to authenticate without the use of a smartphone.
If you manage a lot of clients, ensuring all their authentication credentials are stored and managed separately, while allowing for ease of management, can be tricky.
Luckily, LoginTC MFA for MSPs offers the MSP Hub. The MSP Hub allows administrators to easily add and manage multiple organizations as well as additional administrators.
Learn how to manage multiple clients with the MSP Hub below.
How can administrators share a token?
It’s common in many organizations for administrators to have shared credentials or shared sites that multiple administrators need to login to. In those instances, it’s possible to have secure, shared tokens that allow multiple administrators to login using MFA.
Below are some secure ways to add MFA to shared administrator accounts.
Logging offline is one of the most common questions we receive, and yet many MFA solutions don’t have a good way to solve this.
LoginTC’s method of ‘Always-On’ MFA ensures that users can login securely using MFA every time, even when their computer is offline.
There are no extra enrollment steps for users, no need to enroll a new application or security key each time, and logins are never rejected or bypassed. By logging in one time online, users are automatically enrolled into offline capabilities.
AutoElevate is a popular Privileged Access Management software that helps administrators easily manage credentials across multiple accounts.
LoginTC works in tandem with AutoElevate in order to secure Windows Logon. Visit our knowledge base article for full details on how to integrate LoginTC with AutoElevate.
How do I add organizations?
Adding new organizations that you manage is easy to do with LoginTC.
Once the MSP feature is enabled on your account, you’ll be able to add new organizations in just a few clicks. You can start from the MSP Hub, or by clicking on your existing Organization Name in the top left corner of your screen and then clicking New Organization.
Managing administrators is simple with LoginTC’s MSP features. Once enabled, you can view all administrators from the MSP Hub, including their role, what organization they can manage. From there, you can add, delete or change their role.
Can the same MFA token protect multiple endpoints?
Yes, with LoginTC you can use one token to protect any number of endpoints. Users can login to remote access services, VPNs and firewalls, Windows logins, email, web applications and more all with one token.
Can different user groups require different MFA tokens?
Yes, with LoginTC, your users can be separated into groups. Policies, such as authentication method policy, can be applied at the group level. Using the authentication method policy, you can decide which groups are required or enabled to use which authentication methods.
This is useful for requiring stronger forms of authentication for higher-privileged accounts, or enabling different methods based on BYOD policies.
Yes, LoginTC has been ISO 27001 certified since 2023. This rigorous compliance standard ensures that all our operations are held to the highest standard in information security.
We see a lot of unique use cases for MFA. If you don’t see your question, reach out to us.
We’ll work with you to deploy an MFA solution that’s easy to install and meets your clients needs. You’ll get fast access to set-up assistance and ongoing support.
