Reference Guide
Multi-Factor Authentication
Using MFA to Log in to the Kron PAM Web GUI
MFA can be used to add another security level to the Kron PAM login.
After users enter their Kron PAM login credentials, the system will ask for a One-Time Password (OTP)that will be generated by the mobile app or SMS.
Prerequisites:
All users and the admin user must do the following:
- Generate a QR code.
- Install the Kron PAM Mobile Client.
- Scan the QR code with the Mobile Client.
- MFA must be enabled for a user group. If there is no user group enabled MFA will not work. If MFA is enabled for one or more user groups, it will only be enabled for these users for Kron PAM logins. See, Using MFA for Mobile Client and Enabling Multi-Factor Authentication (MFA)
- MFA also must be configured for the Admin, by creating and sending a QR Code so that the Admin can sync their Kron PAM and their Kron PAM Mobile Client.
- If MFA has not been configured for the Admin, the Admin cannot log in. If the Admin gets locked out, please contact the Kron PAM Support Team.
To activate Multi-Factor Authentication (MFA) for the Kron PAM GUI log in:
- Navigate to Administration > System Configuration Manager
- Set the required parameters: sc.portal.otp.enabled=true (one-time password enabled for GUI Login) otp.rest.url=http://127.0.0.1 (If SSL is enabled in the network, the URL should be https://127.0.0.1)
- Log out and log in again. After logging in, Kron PAM asks for an offline token.
- Open the Kron PAM Mobile Client, select Offline Token, and enter the token value to log in.
Enabling MFA for Kron PAM Log In