Keeping your infrastructure secure and compliant is vital to protect your organization’s sensitive information and uphold its operational integrity and business continuity. Spacelift understands how important security is, and we continue to add security-related features to ensure your infrastructure management remains robust and protected. See what makes Spacelift secure here.
We recently added a mechanism that will reinforce your security posture. Multi-factor authentication (MFA) inside Spacelift is an extra layer that will protect your Spacelift account even if your identity provider (IdP) is compromised.
Before we show the feature in action, let’s explore what it is and why it is important.
MFA means using more than one authentication mechanism when logging in to an application. Traditionally, IT systems require users to enter only a username and password before they can log in. Passwords are easily intercepted or stolen, and a stolen password can then be used to gain unauthorized access to services for malicious purposes.
With MFA, you must have at least one alternative to your password for authentication. Choose from:
- One-time passwords (OTP) – Codes generated by an authenticator app such as Microsoft Authenticator or Google Authenticator that rotate every few seconds.
- SMS tokens – You receive an OTP by SMS on your mobile phone.
- Email tokens – You receive an OTP at your email address.
- Biometric authentication – You use your fingerprint or facial recognition.
- Hardware security key – A physical device that you plug into your computer to authenticate.
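As an added illustration of the first option in the list (this is example code written for this article, not code from the original post or from Spacelift), here is how a time-based OTP of the kind an authenticator app displays is generated and then checked on the server side. It follows RFC 4226 (HOTP) and RFC 6238 (TOTP) with HMAC-SHA1, 6 digits and a 30-second step. The secret is the published RFC test-vector key, embedded as a constructed sample; the `TotpVerifier` class and its method names are my own and not part of any product API.

```python
import base64
import hmac
import struct
import time
from hashlib import sha1
from typing import Optional

# Constructed sample: the RFC 4226/6238 test-vector key "12345678901234567890",
# base32-encoded the way an authenticator app receives it from an enrolment QR code.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), sha1).digest()
    offset = digest[-1] & 0x0F                       # low nibble of last byte picks the window
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time divided by the step."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret_b32, int(at_time) // step, digits)


class TotpVerifier:
    """Server-side check for one enrolled secret (hypothetical helper, not a library API).

    Accepts the current step plus `window` steps on either side to tolerate clock skew,
    compares in constant time, and never accepts a counter at or below the last one that
    succeeded, so a code that was captured and replayed within the window is rejected.
    """

    def __init__(self, secret_b32: str, step: int = 30, digits: int = 6, window: int = 1):
        self.secret_b32 = secret_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_accepted_counter = -1

    def verify(self, submitted: str, at_time: Optional[float] = None) -> bool:
        if at_time is None:
            at_time = time.time()
        if len(submitted) != self.digits or not submitted.isdigit():
            return False
        current = int(at_time) // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            if candidate <= self.last_accepted_counter:
                continue  # this step was already consumed: treat as a replay
            expected = hotp(self.secret_b32, candidate, self.digits)
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_counter = candidate
                return True
        return False


if __name__ == "__main__":
    # Prints the code an authenticator app enrolled with the sample secret would show right now.
    print("current code:", totp(SAMPLE_SECRET_B32))
```

The window of one step on each side is the usual compromise between users whose phone clock drifts and the short lifetime that makes a leaked code useless; widening it lengthens that lifetime. Recording the last accepted counter is what makes the password genuinely one-time, which plain code comparison alone does not guarantee.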
MFA acts as the last line of defense by adding an additional layer of security that will protect your users against unauthorized access. Last year, there was a security incident at Okta that allowed hackers to access some customer systems. A similar thing happened for some Microsoft Azure accounts, where threat actors combined several phishing techniques to access the clients’ systems.
With MFA, even if somebody has your password, they won’t be able to log in to the product you are using without the second form of verification.
In addition, implementing MFA is very cost-effective, especially compared with the potential damage of a data breach. Many industries have rules and regulations that require MFA to protect sensitive data, so implementing it also helps you meet those requirements.
Before enabling MFA, remember that this is an enterprise feature only. To use it on your account, please make sure that the Single Sign-On (SSO) feature is set up. To enable SSO, check out our documentation.
First, go to Organization Settings by clicking on your profile in the bottom left of the screen and selecting this option. You will see the Multi-Factor Authentication option under Authentication.
As an administrator, you can require all the organization’s members to enable two-factor authentication. Because I don’t have a personal security key in my account, I will first have to create one, and I can do this in Personal settings.
Add a name to your key and click on Add key. You will see a pop-up asking how you’d like to create the passkey:
For this example, I will set the passkey on my phone. To do that, I will need to scan a QR code and follow the instructions:
After following the instructions successfully, you should see your key:
Next, if you go back to Organization Settings for MFA, you can enforce MFA for all members by toggling that option.
Now, let’s log out and log back in:
After clicking Use security key, you will see the options for providing the passkey. Select the phone method (that is where we saved the passkey).
Now follow the instructions on your phone.
This should result in a successful login.
Using MFA can greatly increase security and compliance and ensure your infrastructure is safer even in the worst-case scenarios.
To take your infrastructure orchestration to the next level while staying safe, create a free account with Spacelift today or book a demo with one of our engineers.
The Most Flexible CI/CD Automation Tool
Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.