Enabling multi-factor authentication (MFA) or two-factor authentication (2FA) on your account will require an additional identity verification step at the time you log in.
Once configured and enabled for an account, our system will require the use of an authentication code generated by an authenticator application each time you log in to your account. Users can set this up for themselves, or as an alternative, admins may set this up for each user.
If you are using a single sign-on (SSO) login method, this feature is not applicable--your SSO application will authenticate instead.
Not sure what authentication application you should use to set up MFA? View this article, which links you to several options.
Enabling MFA for yourself? Follow these steps:
1. Ensure you have downloaded an authenticator application on your smartphone. Possible apps include Google Authenticator, Authy, and LastPass, among others.
2. To enable two-factor authentication in your account, click on your email address in the top-right of the screen, then click on Profile.
3. On the screen that follows, you will see a barcode. You have two options to set up 2FA:
- Scan that barcode with your authenticator application, or,
- Manually enter the unique “secret key” provided to you beneath the barcode.
4. Once you’ve completed Step 3, click the MFA Enabled checkbox on the bottom of your Profile page. Then click on the Update Profile button.
Now, you'll be prompted to enter an authentication code from your authenticator application on your smartphone each time you log in to your account.
Are you an admin? Follow these steps to set up MFA for a user:
1. Ensure your user has downloaded an authenticator application on their smartphone. Possible apps include Google Authenticator, Authy, and LastPass, among others.
2. To enable 2FA in your user’s account, click the All Users tab. Find the user you would like to enable 2FA for. Click the drop-down to the right of that user, and click on Edit.
3. On the screen that follows, you will see a barcode. You have two options to set up 2FA for this user:
- Have your user scan that barcode with their authenticator application, or,
- Provide the unique “secret key” shown beneath the barcode to that user.
4. Once you’ve completed Step 3, click the MFA Enabled checkbox on the bottom of their Profile page. Then click on the Update Profile button. Now, when your user logs in, they will be prompted for the authentication code from their authenticator application before they can move forward with their login.
Note: You cannot set up two-factor authentication at a global level. Each user must set it individually, or you can set it up for each user.
Troubleshooting: Locked out of your account?
If you incorrectly enter your MFA code three times, you'll be locked out of your KnowBe4 account.
Users - Locked out of training?
If you are attempting to log in for training and you get locked out due to MFA, you must contact your IT administrator to unlock your account. Unsure who your IT administrator is? Contact your supervisor.
Admins - Locked out of your account?
If you are an admin on your KnowBe4 account and you get locked out due to MFA, you must contact KnowBe4 support.
Admins - Need to reset MFA for one of your users?
To re-enable your user's account again after being locked out due to MFA, disable MFA and then save your update. You'll need to follow the steps to re-enable MFA for your user or instruct your user to do so.
New User Interface (Beta)
Using the new user interface? Follow these steps to enable MFA on your account:
- To enable two-factor authentication in your account, first ensure you have downloaded an authenticator application on your smartphone.
- After logging in to your KnowBe4 account, click your email address in the top-right of the screen. Then, click Profile.
- Scroll to the Multi-Factor Authentication section and click Enable.
- A unique barcode will appear onscreen. Open your authenticator application on your smartphone and scan the barcode.
- A six-digit one-time password (OTP) should appear on your authenticator application. Enter those digits on your Enable MFA setup screen.
- If the OTP is correct, the page will refresh and MFA will be enabled for your account. If the OTP is incorrect, MFA will not be enabled, and you'll need to attempt to enter the digits again.
For additional assistance, please reach out to our support team.