2 Replies Latest reply on Jan 20, 2018 8:56 AM by Josh Hill

    Multi-factor Authentication (MFA) for Marketo

    Brenda Le

      Does Marketo offer MFA for added security?

        • Re: Multi-factor Authentication (MFA) for Marketo
          Sanford Whiteman

          I don't think directly, but if you use MFA-enabled SSO that would work.

            • Re: Multi-factor Authentication (MFA) for Marketo
              Josh Hill

              There are several ways to harden your instance:

               

              • Marketo does use 2-factor login authentication by default.
              • Increase to High Password security [everyone will have to reset passwords, including API Users if you had one with a login like Kapost]
              • Separate Marketo User login for SFDC (don't use a person's login).
              • Refine Roles and Permissions (I have 20+ now)
              • Use Workspaces/Partitions to minimize access to sensitive information like Customers by Region or Country.
              • SSO - just installed this and it works very well, very easy to set up.
                • One caveat is that some integrations will have to bypass it and you will likely want to let admins bypass (default) which can create some holes.
                • Another that isn't clean in the docs: You must set up a new user + Role manually with the same email address they have in the SSO service. Then they can use the SSO to log in directly.
                • Sandbox users will have to have a separate login still with a different SSO Setup.
              • IP Authentication - VPN Only - this will drive everyone nuts because it will mean you can only log in from your onsite locations or force remote employees to VPN in.
              • Pay for Encrypted Instance on a secure pod. Little known fact: your DB is NOT encrypted!! Only the connections are.
                • You must ask your Account Manager for details and it's not cheap. It will take at least a weekend to transfer over. I would personally recommend this if you can afford it to minimize risk further.
                • Don't do something stupid like sync SSN and PCI data - Marketo is not the place for that data.
              2 of 2 people found this helpful