Account Security

Enable Two-Factor or Multi-Factor Authentication on Your Account

Enabling multi-factor authentication (MFA) on your account will add a step to the login process that requires the user to verify their identity. Users with MFA enabled will be required to use an authentication code generated by an authenticator application each time they log in to their account.

Admins can enable MFA for any user on the account. Admins can also enable MFA for admins or all users. For more information, see our KMSAT Account Settings: User Management article. Users can also enable MFA for their account within the Learner Experience.

Note: This feature is not applicable if you are using a single sign-on (SSO) login method. Your SSO application will authenticate instead.

Enabling MFA as an Admin

The steps below outline how to enable MFA as an admin from the admin console. If you would prefer to enable MFA from the Learner Experience, see the Enabling MFA in the Learner Experience section of this article.

To enable MFA from the admin console, follow the steps below:

  1. Download an authenticator application on your smartphone. See our Multi-Factor or Two-Factor Authentication Applications article for recommended applications.
  2. Log in to your KnowBe4 account.
  3. Click your email address in the top-right corner and select Profile.
  4. At the bottom of your profile, you'll see the Multi-Factor Authentication option.
  5. Click the Enable button. 
  6. A modal will display a QR code and an MFA code. You can either:
    1. Scan the barcode with your authenticator application, or
    2. Manually enter the unique code provided.
  7. A six-digit one-time password will display on your authentication app. Enter this password into the field.
  8. Click OK to close the modal.
  9. Click the Update Profile button to save these changes.

The next time you log in, you will be asked to enter a code generated by the authentication application on your smartphone. The authentication code will be required each time you log in to your account.

Enabling MFA for Your End Users

The steps below outline how to enable MFA for your users. MFA cannot be set for multiple users at once; each user must be set up individually. If you would like users to enable MFA on their own, see the Enabling MFA in the Learner Experience section of this article.

  1. Have your users download an authenticator application on their smartphone. See our Multi-Factor or Two-Factor Authentication Applications article for recommended applications.
  2. Log in to your KnowBe4 account.
  3. Click the Users tab.
  4. From the list on the Users subtab, find the user you'd like to enable MFA for. 
  5. Click the user's name or email address to go to their User Profile.
  6. Navigate to their User Information tab. At the bottom of the user's profile, you'll see the Multi-Factor Authentication option.
  7. Click the Enable button. 
  8. A modal will display a QR code and an MFA code. Then the user can either:
    1. Scan that barcode with their authenticator application, or
    2. Manually enter the unique code provided.
  9. Click OK to close the modal.
  10. Click the Update User button to save these changes.

The next time the user logs in to their account, they will be asked to enter a code from the authentication application on their smartphone. The authentication code will be required each time they log in to their account.

Enabling MFA in the Learner Experience

Follow these steps to enable multi-factor authentication (MFA) from the Learner Experience:

  1. Download an authenticator application on your smartphone. See our Multi-Factor or Two-Factor Authentication Applications article for recommended applications.
  2. Log in to your KnowBe4 training account.
  3. Click your email address in the top-right corner and select Profile.
  4. On the page that opens, go to the Multi-Factor Authentication section.
  5. Click Enable.
  6. A modal will display a QR code. You can scan the barcode with your authenticator application.
  7. A six-digit one-time password will display on your authentication app. Enter this password into the field.

If the OTP is correct, the page will refresh and MFA will be enabled for your account. However, if the OTP is incorrect, MFA will not be enabled and you will need to try again.

Locked Account

If you enter your MFA code incorrectly three times, you will be locked out of your KnowBe4 account. Your account will automatically unlock after one hour. If you need to access your account immediately, please contact your IT administrator, manager, or supervisor for assistance.
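
The following added example (not KnowBe4 code) sketches how a server could check the six-digit code and apply the lockout rule described above. It assumes the authenticator codes are standard RFC 6238 TOTP (SHA-1, 30-second step), which this article does not state; the three-attempt limit and one-hour unlock come from the article, while the names totp and MfaAccount, the reset of the failure count on a successful login, and the sample secret are constructed for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30            # seconds per code (assumption: RFC 6238 default)
DIGITS = 6           # the article states six-digit codes
MAX_FAILURES = 3     # from the article: three wrong codes lock the account
LOCK_SECONDS = 3600  # from the article: automatic unlock after one hour

# Constructed sample secret (the RFC 6238 test key, Base32-encoded).
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, now):
    """Return the code an authenticator app would show at Unix time `now`."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(now) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class MfaAccount:
    """Hypothetical server-side state for one user's MFA check."""
    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.failures = 0
        self.locked_until = 0

    def login(self, code, now):
        if now < self.locked_until:
            return "locked"          # even a correct code is refused
        if self.locked_until:        # the one-hour lock has expired
            self.failures, self.locked_until = 0, 0
        expected = totp(self.secret, now)
        if hmac.compare_digest(code.encode(), expected.encode()):
            self.failures = 0        # assumption: success clears the count
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCK_SECONDS
            return "locked"
        return "invalid"

if __name__ == "__main__":
    acct = MfaAccount(SAMPLE_SECRET)
    for t, code in [(59, "287082"), (60, "000000"), (61, "000000"), (62, "000000")]:
        print(t, code, acct.login(code, t))
```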

Unlocking a User's Account

To re-enable a user's account after being locked out because of MFA, you will need to disable MFA for their account. Then, you will need to manually enable MFA from their User Profile or have the user enable MFA from their Learner Experience after they log in again.

Unlocking Your Account

If you are an admin on your KnowBe4 account and get locked out due to MFA, please reach out to our support team for assistance.
