Using MFA for Kron PAM Mobile Client Application

kron pam ’s built in mfa can be used as a secondary layer of authentication for logging into the kron pam mobile client for its online features (approval management, geo fencing, and password manager) to enable mfa for kron pam mobile client application admin and user must install the kron pam mobile client application and register a token to receive offline tokens with the kron pam mobile client application (you get the offline tokens from the offline token > add > register token menu) mfa must be enabled for the user group using mfa for mobile client connections (see sections docid\ hwredpx93kimgdck2kd97 , docid 6zlovf8d5m0egfyjr1cpl , docid\ kzq0mm8v67twh5 hjxgr5 navigate to administration > system configuration manager set the mobile application otp enabled parameter as true after these settings are done and a login operation is started on the kron pam mobile client application , the application will automatically look for a registered token in its offline tokens with the name that matches the tfa otp issuer parameter if there is a registered token with another name, then it will prompt the user to change the registered token the user selects yes and enters a new token on the next page window forward to the token page for entering a new token if the token is matched the user can log in once the current six digit value of the offline token is validated with the server, login will be successful if there’s no registered token in the kron pam mobile client application and mfa is enabled with the parameter above, registering a token also requires a multi factor authentication the system will send a one time password (otp) to the user’s phone number the user will be asked to enter the otp on her kron pam mobile client application the kron pam mobile client mfa functionality works only with the registered tokens to ensure that the offline tokens are only working in one kron pam mobile client applicatio n at a time