How to Enable and Configure Multi-Factor Authentication (MFA) for KCM GRC

If your organization uses multi-factor authentication (MFA), you can enable MFA for your KCM GRC account. Enabling MFA will add an additional verification step when you log in to KCM GRC. Once MFA is configured for your account, KCM GRC will require that you enter an authentication code generated by your authenticator application each time you log in to your account.

If you're a KCM GRC Account Administrator or if your account contains sensitive information, we recommend that you set up MFA to make your account more secure. You can also require that all users use MFA to log in to your KCM GRC account.

Note: If you're using single sign-on (SSO) to log in to KCM GRC, you will not be able to use MFA to log in to KCM GRC. Your SSO application will authenticate your login request. For more information about single sign-on, see our How to Set Up SAML/SSO for KCM GRC article. 

Mandating MFA for All User Accounts

Note: If you're adding Vendor User or Auditor user roles to your account and do not want to enforce MFA for these users, we recommend that you enable MFA for individual user accounts instead. To learn more, see the Mandating MFA for Individual User Accounts section below.

If you're an Account Administrator, follow the steps below to mandate MFA for all users in your account:

  1. Make sure your users have downloaded an authenticator application on their smartphone, such as Google Authenticator, Authy, or LastPass.
  2. Log in to KCM GRC.
  3. In the top-right corner of the page, click the Settings button.
  4. In the drop-down menu, select the Account Settings tab. When you select this tab, you'll be taken to the View Account page.
  5. Select the Account Settings subtab.
  6. In the Account Settings section of the page, click the Secure MFA Login drop-down menu.
  7. Select Mandatory to require that all of your users use an authenticator application to log in to KCM GRC.
  8. Click the Save button.

Important: If you change the Secure MFA Login setting back to Optional, all users who have configured MFA will need to reset their MFA in order to turn this feature off. For more information, see the Disabling MFA section below.

Once you've changed this account-wide setting to Mandatory, you'll have to configure MFA for your own account the next time you log in. To learn how to configure MFA for your account, see the Configuring Authenticator Applications for KCM GRC section below. 

Mandating MFA for Individual User Accounts

As an alternative to requiring MFA for all user accounts, Account Administrators can mandate MFA for specific user accounts. 

Follow the steps below to mandate MFA for individual user accounts:

  1. Log in to KCM GRC.
  2. In the top-right corner of the page, click the Settings button.
  3. In the drop-down menu, select the Manage Users tab. When you select this tab, you'll be taken to the Manage Users page.
  4. Click the pencil icon next to the user who you would like to require MFA for. When you click this icon, you'll be taken to the User Management page.
  5. Select the Require MFA toggle to enable this setting.
  6. Click the Save button.

Once you've updated this user setting, the user will be prompted to configure their Authenticator Application the next time they log in to their account.

Tip: Each User Management page displays an MFA Secure Login indicator. The indicator will display Disabled until the user configures their authenticator application for their KCM GRC account.

Configuring Authenticator Applications for KCM GRC

If your Account Administrator has mandated MFA for your account, you will be prompted to configure your authenticator application the next time you log in.

Follow the steps below to learn how to configure MFA for your account:

  1. If you haven't already, download your organization's authenticator application on your smartphone, such as Google Authenticator, Authy, and LastPass, among others.
  2. Follow the prompts in the authenticator application to add a new account.
  3. Log in to your KCM GRC account. You will be prompted to set up MFA. 
  4. From your authenticator application, capture the QR barcode from the KCM GRC Enable MFA page. If this method is not successful, you can manually enter the Secret Token displayed on this page.
  5. Once your authenticator application has recognized this QR code or secret token, it will add KB4 Compliance and begin to provide authentication codes. Enter the first code in the Verify Code 1 field of the KCM GRC Enable MFA page. KCM GRC will automatically verify the accuracy of the code you provide.
  6. Wait until your application provides another code, then input this code into the Verify Code 2 field.
  7. Once both codes have been verified, the Enable Secure MFA Login button will be enabled. Click this button to complete the setup.
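
How an authenticator application derives codes from the Secret Token, and how two successive codes can be checked at enrollment, shown as an added example that is not KCM GRC's code. It assumes the Secret Token is a Base32 seed for standard TOTP (RFC 6238, HMAC-SHA1, 30-second steps, 6 digits), which is the scheme Google Authenticator uses; the function names, the drift window and the sample secret are illustrative.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed for this page)
DIGITS = 6   # code length (assumed)

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the TOTP code for the time step that contains unix_time."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _same(expected: str, supplied: str) -> bool:
    # Constant-time comparison so timing does not leak matching digits.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def verify_enrollment(secret_b32: str, code1: str, code2: str,
                      now: int, window: int = 1) -> bool:
    """Accept only if code1 and code2 come from two consecutive time steps.

    Requiring two successive codes shows the device holds the secret and
    that its clock advances in step with the server, not that one code
    was typed twice. `window` is how many past steps are tolerated.
    """
    current = now // STEP
    for step in range(current - window, current + 1):
        first = totp(secret_b32, step * STEP)
        second = totp(secret_b32, (step + 1) * STEP)
        if _same(first, code1) and _same(second, code2):
            return True
    return False
```

A device whose clock is off by more than the tolerated window produces codes that never match, which is one reason a user can be locked out until their MFA is reset.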

Setting Up MFA for Your Account

Follow the steps below to set up MFA for your own account: 

  1. Make sure you've downloaded an authenticator application to your smartphone, such as Google Authenticator, Authy, and LastPass, among others.
  2. Log in to KCM GRC.
  3. In the top-right corner of the page, click your name.
  4. Click the Profile button.
  5. From the User Profile page, click the Set Up MFA button. When you click this button, you'll be taken to the Enable MFA page.
  6. Follow steps one through four from the Configuring Authenticator Applications for KCM GRC section above to configure MFA for your KCM GRC account.

Disabling MFA

If MFA is optional for your account and you would like to reset or disable MFA, follow the instructions below:

  1. Log in to KCM GRC.
  2. In the top-right corner of the page, click your name.
  3. Click the Profile button.
  4. From the User Profile page, click the Reset MFA button.
  5. In the pop-up window that opens, click the Reset MFA button to disable MFA.
  6. Click the OK button.
  7. (Optional) If you would like to set up MFA again, click the Set Up MFA button and follow the instructions in the Configuring Authenticator Applications for KCM GRC section above. 

If you're an Account Administrator and you need to disable MFA for an individual user account, follow the steps below:

  1. Log in to KCM GRC.
  2. In the top-right corner of the page, click the Settings button.
  3. In the drop-down menu, select the Manage Users tab. When you select this tab, you'll be taken to the Manage Users page.
  4. Click the pencil icon next to the user who you would like to require MFA for. When you click this icon, you'll be taken to the User Management page.
  5. Select the Require MFA toggle to disable the setting.
  6. Click the Save button.
  7. Click the Reset MFA button to disable MFA for the user.
  8. In the pop-up window that opens, click the Reset MFA button to disable MFA.
  9. Click the OK button.

Troubleshooting MFA

If you're an Account Administrator and one of your users is unable to log in to their account due to an issue with MFA, you can reset the user's MFA.

Follow the steps below to reset a user's MFA:

  1. Log in to KCM GRC. 
  2. In the top-right corner of the page, click the Settings button.
  3. In the drop-down menu, select the Manage Users tab. When you select this tab, you'll be taken to the Manage Users page.
  4. Click the pencil icon next to the user who you would like to reset MFA for. When you click this icon, you'll be taken to the User Management page.
  5. Click the Reset MFA button.
  6. In the pop-up window that opens, click the Reset MFA button.
  7. Click the OK button. 

The next time the user logs in to KCM GRC, they will be prompted to reconfigure their authenticator application for KCM GRC. For instructions, see the Configuring Authenticator Applications for KCM GRC section above.

If resetting the user's MFA does not solve the issue or if you need additional help, contact our support team.
