Privacy & Security
      Back to home
      1. Bocada Cloud Support Portal
      2. Privacy & Security

      Can I require users to use SSO or MFA/2FA to access Bocada Cloud?

      Learn how to set login security requirements

      By default, users log into Bocada Cloud with a username and password. However, users with a Super Administrator role can require that the users in their Bocada Cloud account must access the application using Single Sign-On (SSO) with a Microsoft work account, or second factor authentication (2FA). These options are useful for organizations with a security policy to require SSO, and/or multi-factor authentication when accessing certain applications. 

      Additionally, a user can choose to log into Bocada Cloud with SSO on their own, or use 2FA as an additional security measure by selecting one of those 2FA options under their User Settings. 

      Require SSO to access Bocada Cloud

      1. A user with a Super Administrator role can access Security Settings under the Administration section on the left navigation menu or Administration landing page (directly beneath "Users").

      2. Internal domain users: users who have the same email address domain as the original user who created the Bocada Cloud account are considered "internal domain" users. The Super Administrator can enable the requirement for them to login via SSO with their Microsoft work account.

      3. External domain users: users with a different email address domain than the original user who created the Bocada Cloud account are considered "external domain" users. The Super Administrator can enable the requirement for them to login via SSO with their Microsoft work account. 

        • Note:  This requires that external domain users must have the ability to log into external applications with a Microsoft work account. If you are unsure whether or not they have this capability, do not require it as it could prevent them from accessing Bocada Cloud.

      4. Click the Save button.
      5. If users have been required to login via SSO, the next time they try to log into Bocada Cloud they will be shown a message alerting them that they must sign in with a Microsoft work account to access the application.

      Learn more about how users login via SSO to Bocada Cloud.

      Require 2FA to access Bocada Cloud

      1. On the same Security Settings page under Administration, a user with a Super Administrator role can alternatively select a secondary authentication option for their users in their account when they log into Bocada Cloud. 

      2. Internal domain users: users who have the same email address domain as the original user who created the Bocada Cloud account are considered "internal domain" users. The Super Administrator can enable the requirement for them to login with a second factor authentication method (2FA). 

      3. External domain users: users with a different email address domain than the original user who created the Bocada Cloud account are considered "external domain" users. The Super Administrator can enable the requirement for them to login with a second factor authentication method (2FA). 

        • Note:  This requires that external domain users must have the ability to log into external applications using secondary authentication. If you are unsure whether or not they have this capability, do not require it as it could prevent them from accessing Bocada Cloud.

      4. Click the Save button.
      5. If users have been required to use 2FA, the next time they try to log into Bocada Cloud they will be shown a message alerting them that they must select a secondary authentication method and complete the setup.

      Learn more about how users select and set up 2FA

      What 2FA options are available?

      Bocada Cloud provides two authentication options that a user can choose from. They can also change their chosen secondary authentication method in User Settings from one option to the other; however, if the Super Administrator for their account has required 2FA, they will not be able to turn it off. After they login with their username and password, that chosen authentication method will be triggered. Options include:

      • Email a unique verification code: the user will be asked to enter a unique code that is sent to the email address associated with their Bocada Cloud account in order to access the application. 
      • Use an authenticator app: the user will be asked to enter a code from their authenticator app in order to access the application. 

      Note on the Bocada Cloud account email domain: when a customer creates a new Bocada Cloud account, the email address of that individual is automatically considered the internal email domain for that account (Billing Entity). If you have any questions about this functionality, enter a support ticket in Bocada Cloud or contact us