Multi-Factor Authentication

Follow

Multi-Factor Authentication

Multi-factor authentication (MFA) can be enforced globally by an IDMS or enforced on individual users. Kion supports two forms of MFA when using the internal directory:

  • TOTP via Google Authenticator
  • U2F via YubiKey

For information about setting up the internal directory IDMS, see Add an Internal IDMS.

MFA can only be used on the internal directory. Enforcing MFA on LDAP or SAML must be configured through your LDAP/SAML provider.

To enable MFA enforcement on your internal IDMS:

  1. In the left navigation menu, click Users > Identity Management Systems.
  2. Click the ellipsis menu next to the IDMS you want to add MFA to and select Edit.
  3. In the Enforce MFA dropdown menu, select the type of authentication you want to use.
  4. Click Update IDMS.

All users in the IDMS will be prompted to register an MFA token the next time they sign in.

To enable MFA enforcement for a specific user:

  1. In the left navigation menu, click Users > All Users.
  2. Click the ellipsis menu next to the user you want to make changes to and select Edit.
  3. In the Enforce MFA dropdown menu, select the type of authentication you want to use.
  4. Click Update.

The user will be prompted to register an MFA token the next time they sign in.

If you change the Enforce MFA setting for a user to None, the user will no longer need their MFA token to log in. However, if there is a global Enforce MFA option enabled on the IDMS, MFA is still enforced.

 

Was this article helpful?
0 out of 1 found this helpful