Enabling multi-factor authentication (MFA) on your account will require an additional identity verification step at the time you log in.
Once configured and enabled for an account, our system will require the use of an authentication code generated by an authenticator application each time you log in to your account. Users can set this up for themselves, or as an alternative, admins may set this up for each user.
Want users to self-enable MFA on their accounts? Click here to jump to those instructions.
If you are using a single sign-on (SSO) login method, this feature is not applicable--your SSO application will authenticate instead.
Not sure what authentication application you should use to set up MFA? View this article, which links you to several options.
Enabling MFA as an Admin
The below steps indicate how to enable MFA from the admin console. If you're logged into the Learner Experience, your setup steps will be different. See here.
1. Ensure you have downloaded an authenticator application on your smartphone. Possible apps include Google Authenticator, Authy, and LastPass.
2. To enable MFA in your account, click on your email address in the top-right of the screen, then click on Profile.
3. On the screen that follows, you will see a barcode. You have two options to set up MFA:
- Scan that barcode with your authenticator application, or,
- Manually enter the unique “secret key” provided to you beneath the barcode.
4. Once you’ve completed Step 3, click the MFA Enabled checkbox on the bottom of your Profile page. Then click on the Update Profile button.
The next time you attempt to log in, you'll be prompted to enter an authentication code from your authenticator application on your smartphone. This will be required each time you attempt to log in to your account.
Enabling MFA for Your End Users
The below instructions explain how to set up MFA for your end users.
Note that you cannot set up MFA at a global level. Each user must set it individually, or you can set it up for each user. Your users can also set up MFA themselves while logged in to the Learner Experience. For instructions that you can share with your users, click here.
1. Ensure your user has downloaded an authenticator application on their smartphone. Possible apps include Google Authenticator, Authy, and LastPass.
2. To enable MFA in your user’s account, click the All Users tab. Find the user you would like to enable MFA for. Click the drop-down to the right of that user, and click on Edit.
3. On the screen that follows, you will see a barcode. You have two options to set up MFA for this user:
- Have your user scan that barcode with their authenticator application, or,
- Provide the unique “secret key” shown beneath the barcode to that user.
4. Once you’ve completed Step 3, click the MFA Enabled checkbox on the bottom of their Profile page. Then click on the Update Profile button. The next time your user attempts to log in, they will be prompted for the authentication code from their authenticator application before they can move forward with their login.
Enable MFA in the Learner Experience
Want to add a layer of security to your KnowBe4 training account? Follow these steps to enable multi-factor authentication (MFA):
- To enable MFA in your account, first ensure you have downloaded an authenticator application on your smartphone.
- After logging in to your KnowBe4 account, click your email address in the top-right of the screen. Then, click Profile.
- Scroll to the Multi-Factor Authentication section and click Enable.
- A unique barcode will appear onscreen. Open your authenticator application on your smartphone and scan the barcode.
- A six-digit one-time password (OTP) should appear on your authenticator application. Enter those digits on your Enable MFA setup screen.
- If the OTP is correct, the page will refresh and MFA will be enabled for your account. If the OTP is incorrect, MFA will not be enabled, and you'll need to attempt to enter the digits again.
For additional assistance, please reach out to our support team.
Troubleshooting: Locked out of your account?
If you incorrectly enter your MFA code three times, you'll be locked out of your KnowBe4 account.
Users - Locked out of training?
If you are attempting to log in for training and you get locked out due to MFA, you must contact your IT administrator to unlock your account. Unsure who your IT administrator is? Contact your supervisor.
Admins - Locked out of your account?
If you are an admin on your KnowBe4 account and you get locked out due to MFA, you must contact KnowBe4 support.
Admins - Need to reset MFA for one of your users?
To re-enable your user's account again after being locked out due to MFA, disable MFA and then save your update. You'll need to follow the steps to re-enable MFA for your user or instruct your user to do so.