Multi-Factor Authentication
Multi-factor authentication (MFA) can be enforced globally by an IDMS or enforced on individual users. Kion supports two forms of MFA when using the internal directory:
- TOTP via Google Authenticator
- WebAuthn via YubiKey
For information about additional MFA integrations, see IDMS Integrations.
MFA can only be used with the internal directory. To enforce MFA for LDAP or SAML users, configure it through your LDAP/SAML provider.
To enable MFA enforcement on your internal IDMS:
- Navigate to Users > Identity Management Systems.
- Click the ellipsis menu next to the IDMS you want to add MFA to and select Edit.
- In the Enforce MFA dropdown menu, select the type of authentication you want to use.
- Click Update IDMS.
All users in the IDMS will be prompted to register an MFA token the next time they sign in.
To enable MFA enforcement for a specific user:
- Navigate to Users > All Users.
- Click the ellipsis menu next to the user you want to make changes to and select Edit.
- In the Enforce MFA dropdown menu, select the type of authentication you want to use.
- Click Update.
The user will be prompted to register an MFA token the next time they sign in.
If you change the Enforce MFA setting for a user to None, the user will no longer need their MFA token to log in. However, if the Enforce MFA option is enabled globally on the IDMS, MFA is still enforced for that user.