About Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a critical security feature in N-able N-central that strengthens account protection by requiring users to verify their identity using more than just a password. With MFA enabled, users must provide two or more independent pieces of evidence (factors) before gaining access to the system.

Why MFA matters

Relying solely on passwords leaves accounts vulnerable to phishing, credential stuffing, and brute-force attacks. MFA significantly reduces this risk by requiring an additional verification step that is much harder to compromise.

N-central supports true Two-Factor Authentication (2FA), combining something the user knows (their password) with something they have (a time-based one-time code generated by an authenticator app).

Supported MFA method

N-central supports Time-Based One-Time Password (TOTP) authentication via industry-standard authenticator apps, including:

  • Microsoft Authenticator

  • Google Authenticator

  • Authy

  • Duo Mobile (TOTP mode)

This method generates a rotating 6-digit code that users must enter after their password to complete the login process.

MFA setup options

Administrators can configure MFA in N-central in three main contexts, depending on how users authenticate.

Local N-central users

Administrators can enable MFA directly within the N-central interface for accounts created and managed locally. Each user will:

  • Scan a QR code using their authenticator app during setup

  • Enter a 6-digit verification code on each login

Admins can enforce MFA individually or for all users under their Service Organization.

N-able Login users

If your N-central instance uses N-able Login (the centralized identity system for N-able products), MFA is managed by N-able Login:

  • MFA policies apply across all N-able products using N-able Login

  • MFA can be enforced organization-wide

  • N-able Login provides a consistent login experience and centralized user management

Federated Login (SSO)

If you sign in through a federated identity provider (IdP) over OIDC (for example, Entra ID, Okta, or Ping Identity), MFA enforcement is handled by the IdP. In this case:

  • MFA is not managed within N-central

  • MFA policies (including biometrics, conditional access, etc.) are configured in your IdP

  • N-central respects the authentication decision from the federated source

User Experience

After MFA is enabled, users will:

  • Enter their username and password

  • Be prompted for a 6-digit code from their authenticator app

  • Gain access upon successful verification

Users can optionally mark trusted devices to reduce repeated MFA prompts, if allowed by policy.

Best Practices

  • Enforce MFA for all users, especially those with elevated privileges

  • Combine MFA with Role-Based Access Control (RBAC) for least-privilege access

  • Audit user access regularly to ensure compliance

  • Educate users on using and securing their authentication devices