Enabling Two-Factor Authentication

Even if two-factor authentication is not enforced by the security administrator, individual KeyControl Vault-managed users can enable it on their own system.

Note: Active Directory users can only use two-factor authentication if it is enforced by the security administrator.

Before You Begin 

Make sure you have access to an authentication app that can generate HOTP or TOTP passwords. For example:

  • For TOTP authentication, you can use the free app Authy on both iOS and Android. Authy continually creates passwords that are valid for 30 seconds. If the current password will expire before you can submit the login request, wait for Authy to generate a new password and use that one to log in.
  • For HOTP authentication on iOS, you can use the free app OTP Auth. A password generated through OTP Auth is valid from the time you create it until you use it to log in. To log in a second time you must click the Next button in the app to generate a new password.

Procedure

  1. Log in to the KeyControl webGUI with your standard account credentials.
  2. In the top menu bar, click Settings.
  3. In the Two-Factor Authentication field, click Set up Two-Factor Authentication.
  4. In the Enable Two-Factor dialog box:

    1. Select the HOTP or TOTP radio button.
    2. Scan the generated bar code with your authentication app.
    3. Enter the six-digit verification code from your app in the dialog box.
    4. Click Continue. KeyControl Vault verifies that the code is correct and displays a message indicating success or failure. If the code is not correct, re-enter it.
    5. After the code has been accepted, click Done.
  5. The next time you log in to the KeyControl webGUI, you will need to append a valid OTP to your standard account password on the KeyControl webGUI Login Page. Do not add any characters or spaces between your account password and the one-time password generated by your authentication app. In addition, if you are using TOTP, make sure the password will not expire before you submit the login request.
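
The difference between the two code types described under Before You Begin, and the password-plus-OTP string from step 5, shown as an added Python example (not KeyControl Vault code). It implements HOTP per RFC 4226 and TOTP per RFC 6238. The secret is the RFC 4226 test value, the password is constructed, and `split_login_secret` is a hypothetical illustration of splitting off the trailing six digits, not a description of how KeyControl Vault parses the field.

```python
import hashlib
import hmac
import struct

DIGITS = 6   # six-digit codes, as in the Enable Two-Factor dialog
STEP = 30    # TOTP validity window in seconds, as stated above

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, int(now) // step)

def seconds_left(now: float, step: int = STEP) -> int:
    """Seconds until the current TOTP code is replaced by the next one."""
    return step - int(now) % step

def login_secret(password: str, otp: str) -> str:
    """Password followed directly by the OTP, with no separator (step 5)."""
    return password + otp

def split_login_secret(value: str, digits: int = DIGITS):
    """Hypothetical server-side split: the trailing digits are the OTP."""
    otp = value[-digits:]
    if len(value) <= digits or not otp.isdigit():
        raise ValueError("no trailing one-time password")
    return value[:-digits], otp

if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 test secret, not a real key
    # HOTP: the code changes only when the counter advances (the Next button).
    print("HOTP counter 0:", hotp(secret, 0))
    print("HOTP counter 1:", hotp(secret, 1))
    # TOTP: the code changes when the clock crosses a 30-second boundary.
    now = 59                           # constructed timestamp
    print("TOTP at t=59:", totp(secret, now), "expires in", seconds_left(now), "s")
    print("TOTP at t=60:", totp(secret, 60))
    # A stray space before the OTP ends up inside the password part.
    print(split_login_secret(login_secret("Example-Passw0rd", totp(secret, now))))
    print(split_login_secret("Example-Passw0rd " + totp(secret, now)))
```

A code read at t=59 has one second left, which is the case the TOTP caution in step 5 refers to.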