Kaseya Community

MFA & admin action logging in Kaseya for compliance

This question is answered

Most of our customers require PCI compliance and we are now having a discussion about what this means for us as kaseya server operators.  2 main issues have been brought up:  Outside vendors are required to use multi-factor authentication to access customers' systems, and everything needs to be logged.  I know that there is basic logging in the system tab, but it doesn't specifically say which group the admin is accessing, only the module.  Has anyone found a way to get more specific logging?


Secondly, I know there is scorpionsoft for MFA and I believe our plan is to go with it, but we have other projects right now that have priority over implementing this solution for 50+ users.  Does anyone know of a smaller solution that can provide MFA for a few admins in the interim?

Verified Answer
  • With the AuthAnvil AddIn for Kaseya you can implement it and enforce only your admins in VSA to need MFA.  You don't need to enforce it for all users.

    At Kaseya Connect we announced that this is now being included in Kaseya going forward natively, for FREE. So you will be able to to do MFA enforcement for not just the login, but also on protected endpoints defined. So if you have compliance obligations where you want to first enforce an MFA check before Remote Control can launch or KLC is accessed, you can do that. It is all centrally logged and tracked so you have a forensic timeline of activity conducted in KLC. At present, it is the ONLY way to meet regulatory compliance governance requirements for the likes of PCI and HIPAA (Security Rule). And does so well.

    HTH.

All Replies
  • Give them portal access with Kaseya to the specific machines (or a vsa user). Turn on notes as a requirement prior to login into a computer. The vendors will be forced to log notes as well as have a list of remote logs you can easily collect and report back on. You can also (if you like) turn on screen capture on their remote session, then you could even play back the entire session to see what the vendor did.

    We use 2FA (MFA) from AuthAnvil to provide this through our VSA. We've given them a token and a list them on a group login, so that we only have to manage the one group/user for the Vendor. From that point, we can add/remove any email addresses we like to the group and it's all logged in 2 places. If you wanted to get slick, you could add SSO to it and have them access only the resources you grant access too, both inside and outside the VSA.

  • Thanks for your response.  I guess I should clarify, we are considered the vendor.  I know of the steps we need to take for remote sessions, but remote controlling is a small part of it.  Even without remoting on, I can easily move files onto machines and access the command prompt.  What I am asking may not even be possible, but I thought it was worth a shot to see if anyone else has thought of it.

    Authanvil def seems to be the way to go with kaseya.  Just wondering if there are other options.  Thanks!

  • With the AuthAnvil AddIn for Kaseya you can implement it and enforce only your admins in VSA to need MFA.  You don't need to enforce it for all users.

    At Kaseya Connect we announced that this is now being included in Kaseya going forward natively, for FREE. So you will be able to to do MFA enforcement for not just the login, but also on protected endpoints defined. So if you have compliance obligations where you want to first enforce an MFA check before Remote Control can launch or KLC is accessed, you can do that. It is all centrally logged and tracked so you have a forensic timeline of activity conducted in KLC. At present, it is the ONLY way to meet regulatory compliance governance requirements for the likes of PCI and HIPAA (Security Rule). And does so well.

    HTH.