
Setup MFA in CrowdStrike Falcon: Step-by-Step Guide

Enable multi-factor authentication in CrowdStrike Falcon. Step-by-step guide to configure MFA with authenticator apps, security keys, and enforce for all users.

8 min read · Updated January 2025

Enabling Multi-Factor Authentication (MFA) in CrowdStrike Falcon adds an extra layer of security to user accounts by requiring an additional verification step beyond just a password. MFA helps prevent unauthorized access, even if login credentials are compromised.

This guide explains how to enable, configure, and enforce MFA for Falcon Console users.


Prerequisites

Before you begin, ensure you have the following based on your role and chosen authentication method:

For Authenticator Apps

  • A mobile device (smartphone or tablet) with Google Authenticator or Microsoft Authenticator installed
  • Camera access on your device to scan QR codes

For Security Keys

  • A YubiKey or other FIDO2-compliant hardware security key
  • An available USB port on your computer

Admin Access Required For

  • Step 3 (Enforcing MFA for all users) - Requires Falcon Administrator role
  • Step 5 (Resetting user MFA) - Requires Falcon Administrator role

Individual users only need Steps 1, 2, and 4 to set up their own MFA.


For Individual Users

The following steps (1, 2, and 4) can be completed by any Falcon Console user to set up MFA on their own account.


Step 1: Log Into the Falcon Console

    - Open a browser and go to [https://falcon.crowdstrike.com](https://falcon.crowdstrike.com/) or [https://falcon.us-2.crowdstrike.com/](https://falcon.us-2.crowdstrike.com/) (varies by tenant).
    - Sign in using your **Falcon Console credentials**.
    - Click on your **user profile icon** in the top-right corner.
    - Select **My Settings** from the dropdown menu.

---

Step 2: Enable MFA for Your Account

    - In **My Settings**, navigate to the **Multi-Factor Authentication** section.
    - Click **Enable MFA**.
    - Choose your preferred **authentication method** (see decision helper below):
        • Authenticator App (e.g., Google Authenticator, Microsoft Authenticator).
        • Security Key (YubiKey or FIDO2-compliant device).

Which Method Should You Choose?

Choose Option 1 (Authenticator App) if you have a smartphone or tablet and want a convenient, software-based solution that generates codes automatically.

Choose Option 2 (Security Key) if you have a hardware security key like YubiKey and want the strongest level of protection, especially recommended for administrator accounts.

Option 1: Using an Authenticator App

    - Open your **Authenticator App** on your mobile device.
    - Scan the **QR Code** displayed on the screen.
    - Enter the **6-digit code** generated by the app.
    - Click **Verify** to complete the setup.

Option 2: Using a Security Key

    - Select **Security Key** as the MFA option.
    - Insert your **YubiKey** or FIDO2 device into the USB port.
    - Follow the on-screen prompts to **register your security key**.
    - Click **Verify** to finalize the setup.

---

For Administrators Only

The following steps require Falcon Administrator privileges. Skip to Step 4 if you are setting up MFA for your own account only.


Step 3: Enforce MFA for All Users (Admin Configuration)

Administrators can require MFA for all Falcon Console users by enforcing an MFA policy.

    - In the **Falcon Console**, go to **Settings** > **Users & Roles**.
    - Click on **MFA Policy**.
    - Toggle **Enforce MFA for All Users** to **ON**.
    - (Optional) Exempt specific **service accounts** or **API users** if needed.
    - Click **Save Changes**.

📌 **Note:** Users will be required to set up MFA the next time they log in.

Verification (For All Users)

Step 4: Test MFA and Login

After completing Step 2, verify that your MFA is working correctly.

    - Sign out of the **Falcon Console**.
    - Go to [https://falcon.crowdstrike.com](https://falcon.crowdstrike.com) and enter your credentials.
    - When prompted, enter the **MFA code** from your authenticator app or security key.
    - If authentication is successful, you will be logged in.

Your MFA setup is now complete. The remaining step is for administrators only.

For Administrators Only (Continued)

Step 5: Managing and Resetting MFA

If a user loses access to their MFA device, an administrator can reset MFA for their account.

    - In **Falcon Console**, go to **Users & Roles** > **Users**.
    - Find the user who needs an MFA reset.
    - Click **Reset MFA** and confirm the action.
    - The user will be prompted to **set up MFA again** during their next login.

---

Best Practices for MFA in CrowdStrike Falcon

✅ **Enforce MFA for All Users** – Prevents unauthorized console access.
✅ **Use a Security Key for Admin Accounts** – Provides stronger authentication.
✅ **Regularly Audit MFA Settings** – Ensure compliance with security policies.
✅ **Have a Backup Method** – Use multiple authentication options for recovery.
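
One way to turn these practices into a repeatable audit, as an added example that is not part of the original guide or of any CrowdStrike tooling: the script checks a user roster for human accounts exempted from the MFA policy, accounts with no method enrolled, administrators without a security key, and users with no backup method. The CSV layout, column names and all rows are constructed for illustration and do not represent a Falcon export format.

```python
import csv
import io

# Constructed roster. Column names and values are hypothetical, not a Falcon export
# format; only the "Falcon Administrator" role name comes from the guide.
ROSTER = """email,role,account_type,mfa_methods,mfa_exempt
alice@example.com,Falcon Administrator,human,security_key;authenticator_app,no
bob@example.com,Falcon Administrator,human,authenticator_app,no
carol@example.com,Analyst,human,,no
dave@example.com,Analyst,human,authenticator_app,yes
svc-siem@example.com,API Client,service,,yes
"""


def audit_mfa(roster_csv):
    """Return (email, finding) pairs for accounts that deviate from the practices above."""
    findings = []
    for row in csv.DictReader(io.StringIO(roster_csv)):
        email = row["email"]
        methods = {m for m in row["mfa_methods"].split(";") if m}
        if row["mfa_exempt"] == "yes":
            # Exemptions are meant for service accounts and API users only.
            if row["account_type"] == "human":
                findings.append((email, "human account exempt from MFA policy"))
            continue
        if not methods:
            findings.append((email, "no MFA method enrolled"))
            continue
        if row["role"] == "Falcon Administrator" and "security_key" not in methods:
            findings.append((email, "administrator without a security key"))
        if len(methods) < 2:
            findings.append((email, "single method, no backup for recovery"))
    return findings


if __name__ == "__main__":
    for email, finding in audit_mfa(ROSTER):
        print(f"{email}: {finding}")
```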

Frequently Asked Questions

Find answers to common questions

CrowdStrike Falcon supports two primary authentication methods for MFA: Authenticator Apps and Security Keys. For Authenticator Apps, you can use tools like Google Authenticator or Microsoft Authenticator. Users simply scan a QR code during setup and enter the generated 6-digit code. For Security Keys, devices like YubiKey or any FIDO2-compliant security key can be registered by inserting the key into a USB port and following on-screen prompts. Choose the method that best fits your organization’s security posture and user convenience.
