Two Factor Authentication

Two Factor Authentication requires the user provide an additional piece of evidence beyond their standard password, to gain access to the system. Kasm implements a Time-based One-Time Password (TOTP) algorithm that can be used with popular apps such as Google’s Authenticator.

Two factor authentication can be enabled by the administrator through group settings. Each user will be required to setup their own secret and authentication application during their next login.

Download the Apps:


Google Authenticator is the only officially supported Application but others like Microsoft’s Authenticator App or others that implement TOTP may be compatible.

Enable Two Factor

  • Navigate to the Groups tab in the Administrators Sidebar and select green view button for the group

  • Select Add Settings from the Group Settings card

  • Select the “enable_totp_two_factor” setting and select True to add to all of the users in the group


User Authentication Setup

The user will be asked to add the authentication to their Authenticator App on the first log on after two factor was enabled.

Once the username and password have been verified a QR code and secret are provided for easy implementation in Google’s Authenticator

  • The User will select the plus icon in Authenticator and select Scan barcode to use thier phones camera to add the secret or Manual Entry to enter the secret manually

  • User must enter one time password provided in the Authenticator App to login


Reset Single-User Authentication

The user can reset the authentication code in the reset password section.

  • Navigate to the profile tab in the Sidebar and select “Reset Password”

  • Enter current password and a new password

  • Check the “Reset Two Factor Authenticator” checkbox and then click Submit


The administrator can reset the users authentication.

  • Navigate to the Users tab in the Administrators Sidebar and select edit for the user

  • Check the “Reset Two Authenticator Secret” checkbox and then click Submit