How to Set Up Multi-Factor Authentication (MFA) in CrowdStrike Falcon

Enabling Multi-Factor Authentication (MFA) in CrowdStrike Falcon adds an extra layer of security to user accounts by requiring an additional verification step beyond just a password. MFA helps prevent unauthorized access, even if login credentials are compromised.

This guide explains how to enable, configure, and enforce MFA for Falcon Console users.


Step 1: Log Into the Falcon Console

  1. Open a browser and go to https://falcon.crowdstrike.com.
  2. Sign in using your admin credentials.
  3. Click on your user profile icon in the top-right corner.
  4. Select My Settings from the dropdown menu.

Step 2: Enable MFA for Your Account

  1. In My Settings, navigate to the Multi-Factor Authentication section.
  2. Click Enable MFA.
  3. Choose your preferred authentication method:
    • Authenticator App (e.g., Google Authenticator, Microsoft Authenticator).
    • Security Key (YubiKey or FIDO2-compliant device).

Option 1: Using an Authenticator App

  1. Open your Authenticator App on your mobile device.
  2. Scan the QR Code displayed on the screen.
  3. Enter the 6-digit code generated by the app.
  4. Click Verify to complete the setup.

Option 2: Using a Security Key

  1. Select Security Key as the MFA option.
  2. Insert your YubiKey or FIDO2 device into the USB port.
  3. Follow the on-screen prompts to register your security key.
  4. Click Verify to finalize the setup.

Step 3: Enforce MFA for All Users (Admin Configuration)

Administrators can require MFA for all Falcon Console users by enforcing an MFA policy.

  1. In the Falcon Console, go to Settings > Users & Roles.
  2. Click on MFA Policy.
  3. Toggle Enforce MFA for All Users to ON.
  4. (Optional) Exempt specific service accounts or API users if needed.
  5. Click Save Changes.

📌 Note: Users will be required to set up MFA the next time they log in.


Step 4: Test MFA and Login

  1. Sign out of the Falcon Console.
  2. Go to https://falcon.crowdstrike.com and enter your credentials.
  3. When prompted, enter the MFA code from your authenticator app or security key.
  4. If authentication is successful, you will be logged in.

Step 5: Managing and Resetting MFA

If a user loses access to their MFA device, an administrator can reset MFA for their account.

  1. In the Falcon Console, go to Users & Roles > Users.
  2. Find the user who needs an MFA reset.
  3. Click Reset MFA and confirm the action.
  4. The user will be prompted to set up MFA again during their next login.

Best Practices for MFA in CrowdStrike Falcon

✅ Enforce MFA for All Users – Prevents unauthorized console access.
✅ Use a Security Key for Admin Accounts – Provides stronger authentication.
✅ Regularly Audit MFA Settings – Ensure compliance with security policies.
✅ Have a Backup Method – Use multiple authentication options for recovery.
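
The audit recommended above can be scripted against a user inventory. The following is an added example, not CrowdStrike code: it checks a constructed CSV whose column names and values are assumptions (not a Falcon export format) for users with no MFA enrolled, exemptions granted to accounts that are not service accounts, and admin accounts that are not using a security key.

```python
import csv
import io

# Constructed sample inventory. Column names and values are assumptions made
# for this example; they are not a Falcon export format.
SAMPLE_INVENTORY = """\
email,role,account_type,mfa_method,mfa_exempt
alice@example.com,admin,human,security_key,false
bob@example.com,admin,human,authenticator_app,false
carol@example.com,analyst,human,,false
dave@example.com,analyst,human,,true
svc-siem@example.com,api,service,,true
erin@example.com,analyst,human,authenticator_app,false
"""


def audit_mfa(inventory_csv):
    """Return a sorted list of (email, finding) tuples for policy violations."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        email = row["email"].strip()
        role = row["role"].strip().lower()
        kind = row["account_type"].strip().lower()
        method = row["mfa_method"].strip().lower()
        exempt = row["mfa_exempt"].strip().lower() == "true"

        # Exemptions are intended only for service accounts and API users.
        if exempt and kind != "service":
            findings.append((email, "exempt-human-account"))
        # Every account that is not exempt must have a method enrolled.
        if not exempt and not method:
            findings.append((email, "mfa-not-enrolled"))
        # Admin accounts should use a security key, per the best practices.
        if role == "admin" and method and method != "security_key":
            findings.append((email, "admin-without-security-key"))
    return sorted(findings)


if __name__ == "__main__":
    for email, finding in audit_mfa(SAMPLE_INVENTORY):
        print(f"{finding:28} {email}")
```
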