Multi-factor Authentification

Multi-factor Authentication for Rubrik: a simple, effective way to increase protection against unauthorized account access

Ransomware attacks are not only on the rise, but also targeting your backups. Multi-Factor Authentication (MFA) secures the credentials protecting this critical last line of defense. Rubrik strongly encourages customers to implement MFA on all Rubrik access methods.

Rubrik Native MFA
Rubrik supports multiple methods of MFA. For local and LDAP accounts. A native TOTP authentication works with common authentication applications - such as Microsoft Authenticator or Google Authenticator.

MFA for Single Sign-On (SSO)
For SSO integration, Rubrik integrates with SAML 2.0 Identity Providers (IdP), enabling users to access multiple applications with a single set of credentials. SAML providers can support multiple types of MFA schemes. Typical providers include Okta, Duo, and Ping Identity.

So, let’s hear it. Do you have your MFA turned on? Why or why not?!

100% switched on

TL:DR - if you haven’t why the heck not?

CDM works nicely albeit a pain having to have to type a code rather than device push

Polaris easy as … SAML to azure AD - nice group integration too. Only issue the primary account I think has to be local to Polaris and cannot be changed and cannot be mfa’d or at least last time I checked.

4 Likes

And you can also enable MFA on CLI/SSH access … :wink:
(with latest CDM releases)

Fully agree with you on this one

Not looked at my Polaris but its work in Progress

1 Like

I feel your pain. Its annoying. Hopefully it can be fixed. (Regarding have to type in the code.)

100% MFA. It’s an absolute must these days.

Also on the 100% MFA side here. Rubrik CDM, Shell and Polaris are secured. As always with Rubrik: Has been an easy task and straight forward. :slight_smile:

The only thing I can think of, why customers don’t implement MFA is the lack of knowledge or fear that it’s complex to use. Activation is done with just some clicks in CDM (global enforcement) and there is no need for an internet connection or firewall adjustments to use MFA. Users are presented with a configuration wizard for using MFA, after they first sign in with their credentials.

So if you haven’t used MFA yet: Do it now! :slight_smile:

Would be nice to go directly from Okta, instead of my.rubrik.com and log in with SSO.

We found that it broke as much as it fixed. We use AD service accounts that do API calls for automation. All that broke when we enabled MFA. Had to completely rebuild our processes. This also broke some 3rd party vendor integration that Rubrik boasts of having.