18 - Multi-Factor Authentication – NinjaOne SaaS Backup Help Center

Topic

This article describes how to implement NinjaOne SaaS Backup's advanced multi-factor authentication (MFA) features.

Environment

NinjaOne SaaS Backup

Description

Multi-factor authentication (MFA) enhances your account's security with stronger login protection. You can activate MFA from the Security Settings page.

Activate Personal MFA

MFA requires an authenticator app for activation and login. Ensure that you have downloaded a third-party authenticator app on your device. You can use any authenticator app available on the Apple App Store or Google Play Store.

To enable or manage MFA, navigate to the Security Settings page in NinjaOne SaaS Backup. You can access Security Settings in either of the following ways:

The Security Settings page contains the following two sections:

Personal Multi-factor Authentication Settings
Multi-factor Authentication Policy Settings

**Figure 1:** Security Settings (click to enlarge)

If you're not an owner, super administrator, or administrator, you will only be able to access the Personal Multi-factor Authentication Settings section.

The purpose and setup of each of the two Security Settings sections are as follows:

Personal Multi-factor Authentication Settings

In this section, you can enable MFA for your own account as follows:

Select the Personal Multi-factor Authentication Settings option.
Once you have enabled the option, NinjaOne SaaS Backup will display a success banner. However, you must log out and log back in to complete MFA activation.

Multi-factor Authentication Policy Settings

In this section, you can enforce MFA for other partner roles or for all organizations you manage. You may enable one or both of the options listed, depending on your security requirements.

Here's how to set up MFA policies:

Select the MFA options you require:

Enforce MFA for all partner users: All users who can access the Partner Portal will be required to enable MFA. You can view and manage these users in the partner portal User Management section.
Enforce MFA for all organizations: All users within your organizations, including End-User Portal users, will be required to enable MFA.

Once you have selected your preferred options, NinjaOne SaaS Backup will display a success banner. Note that once enforcement is active, all roles, including owners, administrators, and your own account, will be required to set up and use MFA.

You cannot turn off personal MFA when enforcement is active.

Login Flow for Users to Activate MFA

Once you've enabled MFA, NinjaOne SaaS Backup will guide you through your personal MFA activation process at your next login.

Ensure that you have downloaded a third-party authenticator app on your device.

After logging in and selecting your account, NinjaOne SaaS Backup will direct you to the Multi-factor Authentication (MFA) page. This page guides you through activating MFA. Click Setup MFA to continue the activation process.

**Figure 2:** Multi-factor Authentication (click to enlarge)

Open your third-party authenticator app. Scan the QR code or enter the setup key provided, then enter the verification code generated by your authenticator app and click Verify to activate MFA.

**Figure 3:** Setup MFA (click to enlarge)

Once activation is successful, NinjaOne SaaS Backup will enable MFA and redirect you to the NinjaOne SaaS Backup dashboard.

Log in when MFA is already activated

After completing MFA activation, on your next login, NinjaOne SaaS Backup will prompt you to enter the code from your authenticator app to access the dashboard.

Reset Your MFA

You can reset MFA if you lose access to your authenticator app, for example, if your phone is lost or damaged. If you can access the Security Settings page, you can reset MFA on your own. If you are unable to access this page, you will need to ask your organization administrator to reset MFA for your account.

If you can access the Security Settings page, you can reset your MFA using the following steps:

Navigate to the Security Settings page and select Reset Multi-Factor Authentication (MFA).

**Figure 4:** Security Settings (click to enlarge)

A Reset Multi-factor Authentication prompt will appear. Enter your login password to verify your identity, then click Continue to proceed with the reset.

**Figure 5:** Reset Multi-factor Authentication (click to enlarge)

NinjaOne SaaS Backup will send a reset Two-Factor Authentication (2FA) email to your mailbox. After receiving the reset email, click the link provided to confirm the reset.

mfa9 (1).png — **Figure 6:** Reset Two-Factor Authentication (click to enlarge)

NinjaOne SaaS Backup will redirect you to the login page. The login experience may differ depending on the MFA enforcement status:

If MFA is not enforced by your organization, NinjaOne SaaS Backup will direct you to the dashboard after logging in.
If your organization enforces MFA, NinjaOne SaaS Backup will prompt you to activate MFA. You must set up your new MFA before you can access the dashboard.

Reset MFA for Other Users

When a user experiences MFA access issues, administrators can reset the user's MFA. This ability is limited to those with the owner, super admin, or administrator role within the partner.

To reset a user's MFA, follow these steps:

Log in to the Partner Portal.
From the dashboard, navigate to Settings → User Management.

The MFA Status column will display one of two possible statuses:

Active: User has successfully enabled MFA
Inactive: User has not enabled MFA

mfa10 (1).png — **Figure 7:** User Management (click to enlarge)

For the user whose MFA you want to reset, click the actions menu at the end of the row and select Reset MFA.

A confirmation pop-up will appear. Click Yes, Continue to complete the reset.

**Figure 8:** Reset Multi-factor Authentication (click to enlarge)

A reset confirmation email will be sent to the user, prompting them to set up Multi-Factor Authentication again on their next login.

The reset email is valid for 24 hours only. If the link expires, you will need to request another MFA reset.

Frequently-Asked Questions (FAQs)

The following information represents questions frequently asked by our partners and their answers, provided by our product teams.

Which partner type can enable enforcement?

This option is only available to distributors and sub-resellers. Note that distributors cannot enforce partner-user or end-user MFA for sub-resellers.

What happens if I don't enable MFA?

For now, enabling MFA is not mandatory unless your organization administrator activates MFA enforcement.

Can I turn off my MFA if my partner enforces MFA?

No, if MFA enforcement is enabled, you won't be able to complete the login process or access your account until you've authenticated. It's a required step to keep your information secure.

As a partner owner, can I turn off the MFA enforcement that I previously activated?

Yes. As long as you have the required access, you can enable or disable MFA enforcement as needed. Note that MFA enforcement affects every role for the partner or organization.

Can I turn off my MFA after activating it?

Yes. As long as your organization has not turned on MFA enforcement, you can turn off MFA at any time. However, if your organization enforces MFA, the option will be inactivated. You can still reset your MFA if needed, such as when you switch to a new authenticator app or device.

Can I use the same MFA code if I use my email address for multiple accounts?

No. Each account will have its own authentication code, even if you use the same email address across different partners. This policy ensures that every account remains secure.

My account already has MFA enabled through Microsoft or Google Single Sign-On. Do I still need to enable MFA in NinjaOne SaaS Backup?

Yes. If the administrator in your organization enforces MFA, you are also required to enable NinjaOne SaaS Backup MFA.

When you have two MFAs enabled (one from Microsoft or Google and one from NinjaOne SaaS Backup), you will have two layers of MFA, which means you will need to complete MFA verification twice. This additional security layer provides stronger protection by reducing the risk of unauthorized access, even if one MFA layer is compromised, and helps better safeguard your account and sensitive data.

What happens if I enter the wrong MFA code multiple times?

You will not be able to log in if you continue entering an incorrect MFA code. If you need help, such as switching to a new authenticator app or device, you can ask your organization administrator to reset MFA for your account or contact our support team.

What should I do if my authenticator app is not working or my phone is lost or damaged?

If you cannot access your authenticator app, you can ask your organization administrator to reset MFA for your account. Once they have completed the reset, you will receive an MFA reset email. Click the link in the email to access the steps to set up MFA again for your account.

I did not receive the MFA reset email. What should I do?

Check your spam or junk folder to ensure the email is not there. Wait a few minutes, and if the email still hasn't arrived, contact our support team.

If I have the Support role, can I reset MFA in my organization?

No. Currently, only owners, super admins, or admins can reset and enforce MFA policies. If you require this access level, you may request a role change from your organization's administrator.

Can I use more than one third-party authenticator app?

Yes. You may install and use multiple authenticator apps on your device. However, you can only link an account to one authenticator app at a time. You can use different authenticator apps for other accounts as needed.

Can I use any third-party authenticator app?

Yes. You can use any authenticator app available on the Apple App Store or Google Play Store on your phone.

Related to

Search

18 - Multi-Factor Authentication