
Setup MFA in CrowdStrike Falcon: Step-by-Step Guide

Enable multi-factor authentication in CrowdStrike Falcon. Step-by-step guide to configure MFA with authenticator apps, security keys, and enforce for all users.

8 min read | Updated January 2026


Enabling Multi-Factor Authentication (MFA) in CrowdStrike Falcon adds an extra layer of security to user accounts by requiring an additional verification step beyond just a password. MFA helps prevent unauthorized access, even if login credentials are compromised.

This guide explains how to enable, configure, and enforce MFA for Falcon Console users.


Prerequisites

Before you begin, ensure you have the following based on your role and chosen authentication method:

For Authenticator Apps

  • A mobile device (smartphone or tablet) with Google Authenticator or Microsoft Authenticator installed
  • Camera access on your device to scan QR codes

For Security Keys

  • A YubiKey or other FIDO2-compliant hardware security key
  • An available USB port on your computer

Admin Access Required For

  • Step 3 (Enforcing MFA for all users) - Requires Falcon Administrator role
  • Step 5 (Resetting user MFA) - Requires Falcon Administrator role

Individual users only need Steps 1, 2, and 4 to set up their own MFA.


For Individual Users

The following steps (1, 2, and 4) can be completed by any Falcon Console user to set up MFA on their own account.


Step 1: Log Into the Falcon Console

  1. Open a browser and go to https://falcon.crowdstrike.com or https://falcon.us-2.crowdstrike.com/ (the URL varies by tenant).
  2. Sign in using your Falcon Console credentials.
  3. Click on your user profile icon in the top-right corner.
  4. Select My Settings from the dropdown menu.

Step 2: Enable MFA for Your Account

  1. In My Settings, navigate to the Multi-Factor Authentication section.
  2. Click Enable MFA.
  3. Choose your preferred authentication method (see decision helper below):
       • Authenticator App (e.g., Google Authenticator, Microsoft Authenticator).
       • Security Key (YubiKey or FIDO2-compliant device).

Which Method Should You Choose?

Choose Option 1 (Authenticator App) if you have a smartphone or tablet and want a convenient, software-based solution that generates codes automatically.

Choose Option 2 (Security Key) if you have a hardware security key like YubiKey and want the strongest level of protection. This option is especially recommended for administrator accounts.

Option 1: Using an Authenticator App

  1. Open your Authenticator App on your mobile device.
  2. Scan the QR Code displayed on the screen.
  3. Enter the 6-digit code generated by the app.
  4. Click Verify to complete the setup.

Option 2: Using a Security Key

  1. Select Security Key as the MFA option.
  2. Insert your YubiKey or FIDO2 device into the USB port.
  3. Follow the on-screen prompts to register your security key.
  4. Click Verify to finalize the setup.

For Administrators Only

The following steps require Falcon Administrator privileges. Skip to Step 4 if you are setting up MFA for your own account only.


Step 3: Enforce MFA for All Users (Admin Configuration)

Administrators can require MFA for all Falcon Console users by enforcing an MFA policy.

  1. In the Falcon Console, go to Settings > Users & Roles.
  2. Click on MFA Policy.
  3. Toggle Enforce MFA for All Users to ON.
  4. (Optional) Exempt specific service accounts or API users if needed.
  5. Click Save Changes.

📌 Note: Users will be required to set up MFA the next time they log in.

Verification (For All Users)

Step 4: Test MFA and Login

After completing Step 2, verify that your MFA is working correctly.

  1. Sign out of the Falcon Console.
  2. Go to https://falcon.crowdstrike.com and enter your credentials.
  3. When prompted, enter the MFA code from your authenticator app or use your security key.
  4. If authentication is successful, you will be logged in.

Your MFA setup is now complete. The remaining step is for administrators only.

For Administrators Only (Continued)

Step 5: Managing and Resetting MFA

If a user loses access to their MFA device, an administrator can reset MFA for their account.

  1. In Falcon Console, go to Users & Roles > Users.
  2. Find the user who needs an MFA reset.
  3. Click Reset MFA and confirm the action.
  4. The user will be prompted to set up MFA again during their next login.


Best Practices for MFA in CrowdStrike Falcon

  • Enforce MFA for All Users – Prevents unauthorized console access.
  • Use a Security Key for Admin Accounts – Provides stronger authentication.
  • Regularly Audit MFA Settings – Ensure compliance with security policies.
  • Have a Backup Method – Use multiple authentication options for recovery.
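
One way to run the periodic audit, as an added example that is not part of the original guide or any CrowdStrike tooling. The user list is constructed, and its column names and values are hypothetical rather than a Falcon export format. The checks mirror the practices above and the exemption option in Step 3.

```python
import csv
import io

# Constructed sample; column names are hypothetical, not a Falcon export format.
SAMPLE_EXPORT = """\
email,account_type,role,mfa_method,mfa_exempt
alice@example.com,human,Falcon Administrator,security_key,no
bob@example.com,human,Falcon Administrator,authenticator_app,no
carol@example.com,human,Analyst,none,no
dave@example.com,human,Analyst,authenticator_app,yes
svc-siem@example.com,service,API Client,none,yes
"""

ADMIN_ROLE = "Falcon Administrator"

def audit_mfa(export_text):
    """Return (email, finding) pairs for accounts that break the practices."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        email = row["email"].strip()
        human = row["account_type"].strip().lower() == "human"
        method = row["mfa_method"].strip().lower()
        exempt = row["mfa_exempt"].strip().lower() == "yes"
        is_admin = row["role"].strip() == ADMIN_ROLE
        # Exemptions are meant for service accounts and API users only.
        if exempt and human:
            findings.append((email, "human account exempt from MFA policy"))
        # Enforcement only helps once a factor is actually enrolled.
        if human and method == "none":
            findings.append((email, "no MFA method enrolled"))
        # Administrator accounts should use the stronger factor.
        if is_admin and method != "security_key":
            findings.append((email, "administrator without a security key"))
    return findings

if __name__ == "__main__":
    for email, finding in audit_mfa(SAMPLE_EXPORT):
        print(f"{email}: {finding}")
```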

Frequently Asked Questions

Find answers to common questions

CrowdStrike Falcon supports two primary authentication methods for MFA: Authenticator Apps and Security Keys. For Authenticator Apps, you can use tools like Google Authenticator or Microsoft Authenticator. Users simply scan a QR code during setup and enter the generated 6-digit code. For Security Keys, devices like YubiKey or any FIDO2-compliant security key can be registered by inserting the key into a USB port and following on-screen prompts. Choose the method that best fits your organization’s security posture and user convenience.

To enforce MFA for all users, an administrator must navigate to Settings > Users & Roles within the Falcon Console. From there, click on MFA Policy and toggle the 'Enforce MFA for All Users' option to ON. It’s advisable to consider exempting specific service accounts or API users if necessary. After saving changes, all users will need to set up MFA upon their next login. This step significantly enhances overall security by ensuring that all user accounts are protected with MFA.

If a user loses access to their MFA device, an administrator can reset the MFA settings for that user. To do this, navigate to Users & Roles > Users in the Falcon Console, locate the affected user, and click 'Reset MFA.' After confirming the action, the user will be prompted to set up MFA again during their next login. It's essential to have a robust process for handling such scenarios, including verifying the identity of the user requesting the reset to maintain security.
