Security and Authentication

Dome9 Account Lockout for Failed Password

Super Users can set an account lockout threshold for failed attempts to log in. If a user enters an incorrect password more than the configured amount of times, the account is locked. To unlock their account, the users must reset their password.

Super User can unlock a locked user account.

To set the number of failed attempts:

1. In CloudGuard, navigate to Settings > Security & Authentication.

2. In the Security section, set the Dome9 account lockout threshold.

Multi-Factor Authentication for Dome9 Accounts

You can configure your CloudGuard account to use Multi-Factor Authentication (MFA).

You can use the applications below to create one-time authentication codes to sign in to CloudGuard:

• Google Authenticator

• Twilio Authy

• Other equivalent applications

To enable MFA:

1. In CloudGuard, navigate to Settings > Security & Authentication.

2. In the Multi-Factor Authentication section, move the slider to ON to configure an application. The configuration window opens.

3. Install an applicable application and use it to scan the QR code. The application displays a 6-digit code.

4. In the MFA configuration window, enter the code below step 3 - Verify your authenticator.

5. Click Verify and Save. On successful verification, the status changes to ON.

6. Account administrators can enforce MFA for all users, when they select this option. In this case, all users receive an email notification that they must enable MFA in 30 days. Users that do not configure MFA cannot log in to CloudGuard by the end of the period.

   Note - When the account owner or super users enforce MFA for all users, super users must activate the MFA for themselves. For the account owner, the MFA activation is optional.

To disable MFA:

1. In CloudGuard, navigate to Settings > Security & Authentication.

2. In the Multi-Factor Authentication section, move the slider to OFF.

To disable MFA for a specific user, see Disabling MFA for other users with Dome9 accounts.