Two Factor Authentication¶
Two Factor Authentication requires the user provide an additional piece of evidence beyond their standard password, to gain access to the system. Kasm implements a Time-based One-Time Password (TOTP) algorithm that can be used with popular apps such as Google’s Authenticator.
Two factor authentication can be enabled by the administrator through group settings. Each user will be required to setup their own secret and authentication application during their next login.
Google Authenticator is the only officially supported Application but others like Microsoft’s Authenticator App or others that implement TOTP may be compatible.
Enable Two Factor¶
Navigate to the Groups tab in the Administrators Sidebar and select green view button for the group
Select Add Settings from the Group Settings card
Select the “enable_totp_two_factor” setting and select True to add to all of the users in the group
User Authentication Setup¶
The user will be asked to add the authentication to their Authenticator App on the first log on after two factor was enabled.
Once the username and password have been verified a QR code and secret are provided for easy implementation in Google’s Authenticator
The User will select the plus icon in Authenticator and select Scan barcode to use thier phones camera to add the secret or Manual Entry to enter the secret manually
User must enter one time password provided in the Authenticator App to login
Reset Single-User Authentication¶
The user can reset the authentication code in the reset password section.
Navigate to the profile tab in the Sidebar and select “Reset Password”
Enter current password and a new password
Check the “Reset Two Factor Authenticator” checkbox and then click Submit
The administrator can reset the users authentication.
Navigate to the Users tab in the Administrators Sidebar and select edit for the user
Check the “Reset Two Authenticator Secret” checkbox and then click Submit