Enabling Two-Factor Authentication
Even if two-factor authentication is not enforced by the security administrator, individual KeyControl Vault Management webGUI users can enable it on their own system.
Note: For security, the KeyControl Sign In page does not prompt for the OTP.
Before You Begin
Make sure you have access to an authentication app that can generate HOTP or TOTP passwords. For example:
- For TOTP authentication, you can use a TOTP application such as Google Authenticator or Microsoft Authenticator. These applications continually generate passwords that are each valid for 30 seconds. If the current password will expire before you can submit the login request, wait for the application to generate a new password and use that one to log in.
- For HOTP authentication, you can use an HOTP application such as Google Authenticator or Microsoft Authenticator. A password generated through the application is valid from the time you create it until you use it to log in. To log in a second time, you must click the Next button in the app to generate a new password.
Procedure
- Log into the KeyControl Vault Management webGUI using an account with Security Admin privileges.
- In the top menu bar, click Settings.
- In the Two-Factor Authentication field, click Set up Two-Factor Authentication.
- In the Enable Two-Factor dialog box:
  - Select the HOTP or TOTP radio button.
  - Scan the generated bar code with your authentication app.
  - Enter the six-digit verification code from your app in the dialog box.
  - Click Continue. KeyControl verifies that the code is correct and displays a message indicating success or failure. If the code is not correct, re-enter it.
  - After the code has been accepted, click Done.
- When you log into the KeyControl webGUI, append a valid OTP to your standard account password on the KeyControl Vault Management webGUI Login Page. Do not add any characters or spaces between your account password and the one-time password generated by your authentication app. In addition, if you are using TOTP, make sure the password will not expire before you submit the login request.
For example, if your password is XyZ123$, and your OTP is 32325, you would enter the following in the password field: XyZ123$32325.
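The following Python sketch is an added example, not KeyControl code. It implements the standard HOTP (RFC 4226) and TOTP (RFC 6238) algorithms with the common authenticator defaults (HMAC-SHA1, six digits), to show why a TOTP code expires on a 30-second boundary while an HOTP code is tied to a counter, and it builds the password-plus-OTP value described above. The secret is the RFC test key, and the helper names and the 5-second safety margin are assumptions.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 test key; stands in for the secret in the scanned code
STEP = 30     # seconds a TOTP code stays valid
DIGITS = 6    # length of the verification code


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: int) -> str:
    """RFC 6238: HOTP where the counter is the number of whole steps since the epoch."""
    return hotp(secret, now // STEP)


def seconds_left(now: int) -> int:
    """Seconds until the current TOTP code is replaced by the next one."""
    return STEP - now % STEP


def password_field(password: str, otp: str) -> str:
    """Account password immediately followed by the OTP, with no separator."""
    if not otp.isdigit():
        raise ValueError("OTP must contain digits only (no spaces)")
    return password + otp


def totp_login_value(secret: bytes, password: str, now: int, margin: int = 5):
    """Return the value to submit, or None if the code is about to expire."""
    if seconds_left(now) < margin:  # margin is an assumed safety buffer
        return None  # wait for the app to show the next code
    return password_field(password, totp(secret, now))


if __name__ == "__main__":
    import time
    print([hotp(SECRET, c) for c in range(3)])  # each HOTP code belongs to one counter value
    now = int(time.time())
    print(seconds_left(now), totp_login_value(SECRET, "XyZ123$", now))
```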