Reference Guide
Multi-Factor Authentication

Using MFA to Log in to the Kron PAM Web GUI

2min

MFA can be used to add another security level to the Kron PAM login.

After users enter their Kron PAM login credentials, the system will ask for a One-Time Password (OTP)that will be generated by the mobile app or SMS.

Prerequisites:

All users and the admin user must do the following:

  1. Generate a QR code.
  2. Install the Kron PAM mobile app.
  3. Scan the QR code with the mobile app. MFA must be enabled for a user group. If there is no user group enabled MFA will not work. If MFA is enabled for one or more user groups, MFA will be enabled only for these users for Kron PAM logins. See, Creating a Connection Between Kron PAM and the Kron PAM Mobile Application . MFA also must be configured for the Admin, by creating and sending a QR Code so that the Admin can sync their Kron PAM and their Kron PAM Mobile App.

If MFA has not been configured for the Admin, the Admin will not be able to log in. If the Admin gets locked out, please contact the Kron PAM Support Team.

To activate Multi-Factor Authentication (MFA) for the Kron PAM GUI log in:

  1. Navigate to Administration > System Configuration Manager
  2. Set the required parameters: sc.portal.otp.enabled=true (one-time password enabled for GUI Login) otp.rest.url=http://127.0.0.1 (If SSL is enabled in the network, the URL should be https://127.0.0.1)
  3. Log out and log in again. After logging in, Kron PAM asks for an offline token.
  4. Open the Kron PAM mobile app, select Offline Token, and enter the token value to log in.
Enabling MFA for Kron PAM Log In
Enabling MFA for Kron PAM Log In