How to enable 2Factor Authentication, reset a token and set a transition window on a K1000 (4282321)

This article will provide steps on how to setup 2Factor Authentication for your KACE SMA, How to reset the token for a user and how to set a transition window

When enabling 2factor authentication you have a couple options as to who (all users or some users) will be asked for the verification code and where (admin portal or user portal), users will be giving instructions to install the Google Authenticator to generate the needed codes to log in.

2FA on a None-Org appliance

To enable 2factor authentication for SELCTED users authenticating on the admin portal:

1. Go to Settings|Security Setting and scroll down to Two-Factor Authentication
2. Check the option “Enable Two-Factor Authentication for Admin Portal”
3. Click on “Save and restart Services” button
4. Go to Settings|Users
5. Locate a user that logs in to the admin portal and click to view the details
6. Check the option “Require Two-Factor Authentication”
7. Click the “Save” button

Note: Repeat steps 5 to 7 until all required users have the option enabled – if the option on the user is not selected, 2FA will not be requested when the user logs in to the admin portal

To enable 2factor authentication for ALL users authenticating on the admin portal:

1. Go to Settings|Security Setting and scroll down to Two-Factor Authentication
2. Check the option “Enable Two-Factor Authentication for Admin Portal”
3. Check the option “Required for all Users”

Note: 2FA will be required for ALL users trying to log in to the admin portal

To enable 2factor authentication for SELCTED users authenticating on the user portal:

1. Go to Settings|Security Setting and scroll down to Two-Factor Authentication
2. Check the option “Enable Two-Factor Authentication for Admin Portal”
3. Check the option “Enable Two-Factor Authentication for User Portal”
4. Click on “Save and restart Services” button
5. Go to Settings|Users
6. Locate a user that logs in to the user portal and click to view the details
7. Check the option “Require Two-Factor Authentication”

Note: Repeat steps 5 and 6 until all required users have the option enabled; please also note that the option “Enable Two-Factor Authentication for Admin Portal” needs to be enabled to enable 2FA for the user portal.

To enable 2factor authentication for ALL users authenticating on the user portal:

1. Go to Settings|Security Setting and scroll down to Two-Factor Authentication
2. Check the option “Enable Two-Factor Authentication for Admin Portal”
3. Check the option “Enable Two-Factor Authentication for User Portal”
4. Check the option “Required for all Users” – the one below “Enable Two-Factor Authentication for User Portal”

Note: 2FA will be required for ALL users trying to log in to the user portal

Setting Transition Window

You can also set up a transition window, Users will have this amount of time to configure and verify two-factor authentication before they will no longer be able to login. User will be able to log in during this time and skip the configuration of the Google authenticator.

To set up the transition window:

1. Go to Settings|Security Setting and scroll down to Two-Factor Authentication
2. Under “Transition Window” select Week or Day from the drop down and input the amount of times the window will be open

Reset Token

If a user did not set up his google authenticator to log in with 2FA or the user misplaced or lost his google authenticator, you can reset the token for this user so they can once again log back in and configure the google authenticator once more.

To reset the token:

1. Go to Settings|Users
2. Locate the user the user in questions and click on it to view the details
3. Click on the “Reset Token” button – green confirmation banner will show up when done
4. Click the “Save” button

Note: once the token resets, the user is presented with the option to configure the google authenticator and will have the option to skip the configuration as stated on the Transition window timeframe