CrowdStrikeintermediate

Setup MFA in CrowdStrike Falcon: Step-by-Step Guide

Enable multi-factor authentication in CrowdStrike Falcon. Step-by-step guide to configure MFA with authenticator apps, security keys, and enforce for all users.

8 min readUpdated January 2025

Enabling Multi-Factor Authentication (MFA) in CrowdStrike Falcon adds an extra layer of security to user accounts by requiring an additional verification step beyond just a password. MFA helps prevent unauthorized access, even if login credentials are compromised.

This guide explains how to enable, configure, and enforce MFA for Falcon Console users.

Step 1: Log Into the Falcon Console

  1. Open a browser and go to: https://falcon.crowdstrike.com or https://falcon.us-2.crowdstrike.com/ (Varies by tenant).
  2. Sign in using your admin credentials.
  3. Click on your user profile icon in the top-right corner.
  4. Select My Settings from the dropdown menu.

Step 2: Enable MFA for Your Account

  1. In My Settings, navigate to the Multi-Factor Authentication section.
  2. Click Enable MFA.
  3. Choose your preferred authentication method:
    • Authenticator App (e.g., Google Authenticator, Microsoft Authenticator).
    • Security Key (YubiKey or FIDO2-compliant device).

Option 1: Using an Authenticator App

  1. Open your Authenticator App on your mobile device.
  2. Scan the QR Code displayed on the screen.
  3. Enter the 6-digit code generated by the app.
  4. Click Verify to complete the setup.

Option 2: Using a Security Key

  1. Select Security Key as the MFA option.
  2. Insert your YubiKey or FIDO2 device into the USB port.
  3. Follow the on-screen prompts to register your security key.
  4. Click Verify to finalize the setup.

Step 3: Enforce MFA for All Users (Admin Configuration)

Administrators can require MFA for all Falcon Console users by enforcing an MFA policy.

  1. In the Falcon Console, go to Settings > Users & Roles.
  2. Click on MFA Policy.
  3. Toggle Enforce MFA for All Users to ON.
  4. (Optional) Exempt specific service accounts or API users if needed.
  5. Click Save Changes.

📌 Note: Users will be required to set up MFA the next time they log in.

Step 4: Test MFA and Login

  1. Sign out of the Falcon Console.
  2. Go to https://falcon.crowdstrike.com and enter your credentials.
  3. When prompted, enter the MFA code from your authenticator app or security key.
  4. If authentication is successful, you will be logged in.

Step 5: Managing and Resetting MFA

If a user loses access to their MFA device, an administrator can reset MFA for their account.

  1. In Falcon Console, go to Users & Roles > Users.
  2. Find the user who needs an MFA reset.
  3. Click Reset MFA and confirm the action.
  4. The user will be prompted to set up MFA again during their next login.

Best Practices for MFA in CrowdStrike Falcon

Enforce MFA for All Users – Prevents unauthorized console access.
Use a Security Key for Admin Accounts – Provides stronger authentication.
Regularly Audit MFA Settings – Ensure compliance with security policies.
Have a Backup Method – Use multiple authentication options for recovery.

Frequently Asked Questions

Find answers to common questions

CrowdStrike Falcon supports two primary authentication methods for MFA: Authenticator Apps and Security Keys. For Authenticator Apps, you can use tools like Google Authenticator or Microsoft Authenticator. Users simply scan a QR code during setup and enter the generated 6-digit code. For Security Keys, devices like YubiKey or any FIDO2-compliant security key can be registered by inserting the key into a USB port and following on-screen prompts. Choose the method that best fits your organization’s security posture and user convenience.

Need Professional Help?

Our team of experts can help you implement and configure these solutions for your organization.

Contact Our TeamView Our Services

Related Articles

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

Create and manage user roles in CrowdStrike Falcon with custom permissions. Step-by-step guide to configure role-based access control (RBAC), assign permissions, and restrict user access to Falcon console features.

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure essential CrowdStrike exclusions for Microsoft Exchange Server. Protect database files, transaction logs, and processes to prevent corruption and ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →
Back to CrowdStrike