Multi Factor Authentication in MuleSoft Anypoint Platform

Multi-Factor Authentication (MFA) is a security mechanism wherein a user is granted access only after providing more than one authentication method.

An organization administrator can make it mandatory for all non-SSO users to use MFA, exempt some accounts from this or make it optional for users – allowing users to enable it if they want.

MFA setting does not apply to SSO users; they have to enable MFA at their respective Identity provider level.

Following are the methods to implement the Anypoint platform Multi-Factor Authentication:

1. One-Time Password Generator: Registers an authenticator app to create verification codes that you provide when logging in to Anypoint Platform.
2. Built-in Authenticator: Registers a physical authentication device, such as Touch ID or Windows Hello, to verify your identity when logging in to Anypoint Platform.
3. Security Key: Registers a USB security key, such as Yubico YubiKey or Google Titan Security Key, to your account. The device is then authorized to create verification codes that you provide when logging in to Anypoint Platform.
4. Salesforce Authenticator: Registers the Salesforce Authenticator mobile app to create verification codes that you provide when logging in to Anypoint Platform.

In this article, we will look at the last method, i.e., Salesforce Authenticator.

The process to apply MFA

1. Login to Anypoint platform account, navigate to Access Management > Multi-Factor Auth

Two options are there: Optional and Required. By default, it is optional, meaning the organization does not require MFA, but users can enable it. Selecting Required makes it mandatory for all users to use MFA. Admin can exempt some accounts from it.

Let’s make it required.

2. Either log out, log in again, or open the Platform login page using a different browser or incognito. After entering the username and password, it will ask to use one of the four MFA methods.
3. Here, we will go with the Salesforce Authenticator, for which the Salesforce authenticator should be pre-installed on the phone. Finish the pretty simple setup.

For users, Login to the MuleSoft Anypoint platform will require authentication using the Salesforce Authenticator app.

On selecting the alternative option in the first step, there will not be a prompt for another verification for Logging-in. Enabling MFA, in this case, is also possible by navigating to profile > Configure Multi-Factor Authentication (MFA) and setting up the MFA method.