Distribute Multi Factor Authentication
This guide provides an overview of product features and related technologies. In addition, it contains recommendations on best practices, tutorials for getting started, and troubleshooting information for common situations.
Please note: MFA only affects the marketplace backend (https://marketplace.matrix42.com/wp-admin/). If you want to place orders or manage your existing ones, you do not need MFA.
Requirements
To be able to use the marketplace backend, it is required to have MFA enabled via your Azure Active Directory. Therefore, you ned to make sure you have the following:
Configuration
Please follow the steps below to activate MFA using Azure Active Directory (AAD).
Set up ACS and MyWorkspace
In the first step, it's important to get your ACS account running.
To do that, please log in via https://accounts.matrix42.com. The first account that signs up for your company will be considered the Company administrator or also called "Global Admin".
This account can distribute permissions and settings throughout your Matrix42-Account.
In the next step, please log in to your MyWorkspace account to enable the AAD login. This is required to enable the Identity Provider that takes care of authenticating via your Azure Active Directory.
If it is the first time you log in to MyWorkspace, please make sure to use the login form fields and not the Azure Active Directory, as it is not connected yet.
After the successful login, please head to the Identity provider page by clicking this link, or by heading manually to Administration -> Security -> Identity Providers.
Lastly, activate the identity provider management, "Azure Active Directory", and click "Save".
Enable the Microsoft Authenticator within your AAD:
The marketplace currently supports only the Microsoft Authenticator app as a valid way to authenticate your user on our marketplace. To enable it within your AAD, please follow these steps:
- Sign in to your Azure portal (https://portal.azure.com/) as a Global administrator.
- Within the search field, search for and click on "Authentication Methods" -> Policies
- Click on "Microsoft Authenticator" and enable it.
- (Optional) It is possible to customize the way you want to use the authenticator. For example, you can choose whether you want to use number matching or Push notifications. This can be adjusted within the "Configure" tab:
Tipp: In case you do not see the Microsoft Authenticator Setting, make sure you've installed the Microsoft Authenticator app on your mobile device and that you're logged in.
Configure the Multi-Factor Authentication for one or multiple users within your AAD:
- Sign in to your Azure portal (https://portal.azure.com/) as a Global administrator.
- Search for and select "Azure Active Directory"
- Select "All Users" and after Per-User MFA
- Lastly, select the users you want to activate MFA for, and they will have to go through the MFA process during their next login.
Finalize setup:
After you followed the above steps, you successfully configured the MFA process to access the marketplace. Now its time to access your partner dashboard: https://marketplace.matrix42.com/wp-admin/
FAQ
Read our frequently asked questions to get more insights.
Can I enable MFA per tenant instead of every user separately?
Yes. To enable MFA per tenant, you can follow this manual, but note that this case requires the Azure AD tenant to be with an Azure AD Premium P1 license: https://learn.microsoft.com/en-us/az...able-azure-mfa
What happens if Multi-Factor Authentication is not activated, but you try to access the Matrix42 Marketplace backend?
In this case, you will see an error, as seen below. If this is the case, please make sure you did the following:
- Azure Active Directory is activated within the Identity Providers of your MyWorkspace account
- MFA is activated within your Azure Active Directory
- You are using AAD during the login process
For further assistance, please reach out to us.
What authentication verification methods are available?
Microsoft Authenticator
You can get access to the app here: https://www.microsoft.com/en-us/security/mobile-authenticator-app
We don't use Azure Active Directory. What should we do?
It is not possible to use the Marketplace backend without AAD.
I'm using Google, Facebook, or LinkedIn to log in. Can I Access the backend with those?
No. It is not possible to use the Marketplace backend with any other than AAD.
Do I need to set up an AAD connector within MyWorkspace to connect my AAD?
No. It is only required to activate the AAD identity provider within MyWorkspace.
We are only using the Marketplace for shopping and to access our account dashboard. Do we need MFA?
No. Your account dashboard does not require MFA.
Can I use my personal AAD account to login?
No. It must be a company account as otherwise the authentication fails.
Within ACS, I can see the field "MFA Enabled". Do I need this?
No. This field is obsolete as it was used in times when MFA was handled by a third-party integration.
Can I make someone else an admin of my ACS Company?
Yes. You can also enable other employees to become an admin of your ACS-Enterprise-Account.
To do that, please head over to https://accounts.matrix42.com, and log in.
Once done, please head to My Company -> Groups -> Company Administrators, and assign the role to the employees you want to make an admin.
I get an error message "Selected user account does not exist in tenant XXXX and cannot access application xxx in that tenant.". What's the problem?
This error message appears when you try to log into MyWorkspace using AAD while AAD is not selected as an Identity provider within MyWorkspace itself. To fix this, please use the form fields during the login process to MyWorkspace instead.
Useful links: