Two-factor authentication (2FA) provides an additional layer of security to your Kissflow account by requiring more than just a password to sign in. Once enabled for your account, users will be prompted to enter a code along with their username and password. This feature is only available in Enterprise plan.
Kissflow Account Admins can set the two-factor authentication enrollment for every user in the account. 2FA enrollment is disabled for every user by default. Account Admins can change it to recommended or mandatory.
Enabling 2FA for users
If the Account Admin has made 2FA recommended or mandatory, users will see the 2FA widget under My settings > Security. After turning on the 2FA widget, you can choose to receive the sign in code in two different ways:
- Email: The code is sent to your email address. Nothing needs to be configured if you choose this.
- Authentication app: The code is generated by an authenticator on your mobile device or computer.
Configuring 2FA using an authentication app
Kissflow 2FA supports authentication apps such as, Google Authenticator, Authy, 1Password, LastPass, etc.
- Turn on the 2FA widget.
- Click the authentication app Set up button. You’ll see this popup box.
- Open the authentication app on your device.
- Scan the QR code.
- Enter the six-digit code into the popup on Kissflow.
- Click Verify to complete the setup.
In order to configure a different authentication app, you must first disable your existing authentication app from your Kissflow account.
Signing in with 2FA enabled
Signing in with 2FA enabled is only slightly different than a normal sign in. Enter your username and password credentials as you normally would, and you'll be presented with a second prompt, depending on which type of 2FA mode you've enabled.
Signing in using a code sent to your email
Use the code sent to your email. It is valid for five minutes.
Signing in using an authentication app
When prompted during sign in, enter the six-digit code generated by your authentication application.