Multi-Factor Authentication
2 min
in the agent installed endpoint, we can add a second layer of security during the authentication upon providing the correct credentials users will be asked to provide an otp from the kron pam mobile app to complete login first, users need to enable mfa for the user group from kron pam navigate to administration multi factor authentication > user group management from this menu, enable otp for the desired user groups as a second step navigate to administration > system configuration manager add sc windows agent connection otp enabled parameter as true upon successfully configuring mfa, users will be asked to provide an otp upon connecting to the endpoint when a user enters the wrong otp 3 times the agent terminates the connection offline authentication otp prompts during login can continue even if the agent's connection to pam is lost when the offline authentication toggle is enabled under the agent group (as shown in the screenshot below), it defines the duration (in days) that offline authentication will remain active for agents in that group for this policy to take effect, the user must have logged into the endpoint at least once while the agent was online during the specified period, the otp generation key for that user will be stored locally on the agent in an encrypted format, allowing the otp to be validated locally by the agent