Enabling Two-factor Authentication or Multi-factor Authentication on Your Account
Enabling multi-factor authentication (MFA) on your account will require an additional identity verification step at the time you log in. Once configured and enabled for an account, our system will require the use of an authentication code generated by an authenticator application each time you log in to your account.
Admins can set up MFA for any user on the account. Alternatively, users can self-enable MFA within the Learner Experience. Click the links below to navigate to a specific set of steps.
Note:
If you are using a single sign-on (SSO) login method, this feature is not applicable—your SSO application will authenticate instead.
Jump to:
Enabling MFA for Yourself as an Admin
Enabling MFA for Your End Users
Enabling MFA in the Learner Experience
Troubleshooting
Enabling MFA for Yourself as an Admin
The steps below outline how to enable MFA for yourself from the admin console. If you're logged into the Learner Experience, see the Enabling MFA in the Learner Experience section of this article.
To enable MFA from the admin console:
- Ensure you have downloaded an authenticator application on your smartphone. Check out our Multi-Factor or Two-Factor Authentication Applications article for some recommended apps.
- Click on your email address in the top-right of the screen and select Profile.
- At the bottom of your profile, you'll see the Multi-Factor Authentication option.
- Click the Enable button.
- A modal will display with a barcode and an MFA secret code. You can either:
- Scan the barcode with your authenticator application.
—OR— - Manually enter the unique code provided.
- Scan the barcode with your authenticator application.
- A six-digit one-time password should appear on your authentication app. Enter this password in the indicated field.
- Click OK to close the modal. Then, click the Update Profile button at the bottom of the page to save these changes.
The next time you attempt to log in, you will be prompted to enter a code from the authentication application on your smartphone. This will be required each time you log in to your account.
Enabling MFA for Your End Users
The steps below outline how to enable MFA for your users. MFA cannot be set for multiple users at once, each user must be set up individually. If you would like users to enable MFA on their own, see the Enabling MFA in the Learner Experience section of this article.
- Ensure your end users have downloaded an authenticator application on their smartphones. Check out our Multi-Factor or Two-Factor Authentication Applications article for some recommended apps.
- Go to the Users tab.
- From the list on the Users subtab, find the user you'd like to enable MFA for.
- Click the user's name or email address to go to their User Profile.
- Go to their User Information tab. At the bottom of the page, you'll see the Multi-Factor Authentication option.
- Click the Enable button.
- A modal will display with a barcode and an MFA secret code. Your end user can either:
- Scan that barcode with your authenticator application.
—OR— - Manually enter the unique code provided.
- Scan that barcode with your authenticator application.
- Click OK to close the modal. Then, click the Update User button at the bottom of the page to save these changes.
The next time this user attempts to log in, they will be prompted to enter a code from the authentication application on their smartphone. This will be required each time the user logs in to their account.
Enable MFA in the Learner Experience
Follow these steps to enable multi-factor authentication (MFA) from the Learner Experience:
- Ensure you have downloaded an authenticator application on your smartphone. Check out our Multi-Factor or Two-Factor Authentication Applications article for some recommended apps.
- Log in to your KnowBe4 training account.
- Click on your name in the top-right of the screen and select Profile.
- On the page that opens, go to the Multi-Factor Authentication section and click Enable.
- A pop-up will appear with a unique barcode. Open the authenticator application on your smartphone and scan the barcode.
- A six-digit one-time password (OTP) should appear on your authenticator app. Enter those digits on the Enable MFA setup screen.
- If the OTP is correct, the page will refresh and MFA will be enabled for your account. If the OTP is incorrect, MFA will not be enabled and you will need to try again.
Troubleshooting
If a user incorrectly enters their MFA code three times, they will be locked out of their KnowBe4 account.
End Users
If you are an End User attempting to log in for training and you got locked out of your account due to MFA, please contact your IT administrator, manager, or supervisor.
Admins: Unlock a User's Account
To re-enable a user's account, after being locked out due to MFA, first disable MFA for that user. Then, enable MFA from their User Profile or have the user enable MFA from their Learner Experience.
Admins: Unlock Your Own Account
If you are an admin on your KnowBe4 account and you get locked out due to MFA, please reach out to our support team for assistance.
Comments
0 comments
Article is closed for comments.