Enabling Two-Factor Authentication in KeyControl Vault for Secrets

Before You Begin 

Make sure you have access to an authentication app that can generate HOTP or TOTP passwords. For example:

• For TOTP authentication, you can use a TOTP application such as Google Authenticator or Microsoft Authenticator. These applications continually create passwords that are valid for 30 seconds. If the current password will expire before you can submit the login request, you need to wait for it to generate a new password and then you can use that to log in.
• For HOTP authentication, you can use a HOTP application such as Google Authenticator or Microsoft Authenticator. A password generated through the application is valid from the time you create it until you use it to log in. To log in a second time you must click the Next button in the app to generate a new password.

Procedure

1. Log into the KeyControl Vault for Secrets webGUI.
2. Click Settings.
3. In the Authentication tab, in the Two-Factor Authentication section, click Setup.

4. In the Setup Two-Factor dialog box:

   1. Select the HOTP or TOTP radio button.
   2. Scan the generated bar code with your authorization app.
   3. Enter the six-digit verification code from your app in the dialog box.
   4. Click Apply. KeyControl verifies that the code is correct and displays a message indicating success or failure. If the code is not correct, re-enter it.
   5. After the code has been accepted, click Done.

5. When you log into the KeyControl Vault for Secrets webGUI, you will need to append a valid OTP to your standard account password on the Login Page. Do not add any characters or spaces between your account password and the one-time password generated by your authorization app. In addition, if you are using TOTP, make sure the password will not expire before you submit the login request.

   For example, if your password is XyZ123$, and your OTP is 32325, you would enter the following in the password field: XyZ123$32325.