Multi-Factor Authentication
Multi-factor authentication (MFA) can be enforced globally by an IDMS or enforced on individual users. Kion supports two forms of MFA:
- TOTP via Google Authenticator
- WebAuthn via YubiKey
For information about additional MFA integrations, see IDMS Integrations.
Requiring MFA Globally
- Navigate to Users > Identity Management Systems.
- Click the ellipsis menu next to the IDMS you want to add MFA to and select Edit.
- In the Enforce MFA dropdown menu, select the type of authentication you want to use.
- Click Update IDMS.
All users in the IDMS will be prompted to register an MFA token the next time they sign in.
MFA can also be enabled when adding an IDMS.
Requiring MFA for a User
- Navigate to Users > All Users.
- Click the ellipsis menu next to the user you want to make changes to and select Edit.
- In the Enforce MFA dropdown menu, select the type of authentication you want to use.
- Click Update.
The user will be prompted to register an MFA token the next time they sign in.
If you change the Enforce MFA setting for a user to None, the user will no longer need their MFA token to log in. However, if there is a global Enforce MFA option enabled on the IDMS, MFA is still enforced.
User Opt-In
If MFA is not already required by the IDMS or administrator, users can choose to enable MFA for themselves in their My User Settings. For more information, see My User Settings.