Protecting Tokens with MFA
Kron PAM's built-in MFA can be used as a secondary layer of authentication for logging into the Kron PAM mobile client application for its online features (approval management, geo-fencing, and password management).

To enable MFA for the Kron PAM mobile client application:

- The user must install the Kron PAM mobile client application and register a token to receive an offline token from the Kron PAM mobile client application. (The user gets the offline token by navigating to Offline Token > Add > Register Token.)
- OTP must be enabled for the user group that will be using MFA for Kron PAM mobile client application connections (see section Multi-Factor Authentication in the Kron PAM Reference Guide).
- Navigate to Administration > System Config Man. Set the mobile application otp enabled parameter to true.

After these settings are in place and a login operation is started on the Kron PAM mobile client application, the application automatically looks in its offline tokens for a registered token whose name matches the tfa otp issuer parameter.

If there is a registered token with another name (the value of tfa otp issuer), the Kron PAM mobile client application will prompt the user to change the registered token. The user selects Yes, and the page forwards to the token page for entering a new token. If the token is matched with the six-digit value sent to the user, the user can log in. Once the current six-digit value of the offline token is validated with the Kron PAM server, login will be successful.

If there is no registered token in the Kron PAM mobile client application and MFA is enabled with the parameter above, registering a token also requires multi-factor authentication. The system will send a one-time password (OTP) to the user's phone number. The user will be asked to enter the OTP on the Kron PAM mobile client application.

The Kron PAM mobile client MFA functionality works only with registered tokens, to ensure that the offline tokens work in only one Kron PAM mobile client at a time.