Authenticating with 2-step verification
The 2-step verificationSecurity authentication which includes two steps, which includes password and a special time-limited code. means you can protect your Kerio Control account and access to your company network by requiring two independent authentication steps.
NOTE
It is possible to enable the option to force hostname for clients connected via the Kerio VPNVirtual private network - A network that enables users connect securely to a private network over the Internet. for 2-factor authentication. For more information refer to Authenticating with 2-step verification.
NOTE
For the iOS and Android devices, the 2-FA verification page needs to be opened manually. In the browser type https://CONTROL-IP:4080//nonauth/totpVerify.cs
to successfully browse the Internet. Remember to replace <CONTROL-IP>
with the IP addressAn identifier assigned to devices connected to a TCP/IP network. or Hostname of your firewall.
With the 2-step verification enabled, when you want to access your company network or log into Kerio Control Statistics from the Internet, you must use your credentials to authenticate, and also type a special time-limited code generated by the special mobile application such as Google Authenticator. You can try the following applications:
- Google Authenticator — Available for iOS, Android
- FreeOTP Authenticator — iOS and Android
- Authenticator for iOS
- WinAuth for Windows OS
- Authy for Windows, Linux, Mac, iOS, and Android
The verification code is not required if your device is connected to the Kerio Control network. Kerio Control requires the code only if you use the Internet to access your company network:
- Through Kerio Control VPN Client/IPsecInternet Protocol security - A network protocol used to encrypt and secure data sent over a network. VPN client
- To use Kerio Control Statistics
- To use Kerio Control Administration
Enabling the 2-step verification
You can enable the 2-step verification in your account in Kerio Control Statistics.
NOTE
If you administrator sets the 2-step verification as compulsory, you must follow the steps in this section to enable the 2-step verification in Kerio Control Statistics.
To enable the 2-step verification, you must pair your device with your Kerio Control account:
- Install the authenticator application on your mobile device.
- Log into your account in Kerio Control Statistics.
- Click 2-Step Verification.
- Open the authenticator application and scan a QR code or type the code shown below the QR code. You get a six-digit verification code that is time-limited. The authenticator generates a new code every 30 seconds. All codes generated on the basis of the Kerio Control QR code are valid for Kerio Control authentication.
- Type the verification code in Kerio Control Statistics, as shown below.
- Click Verify.
From now on, you authenticate with the verification code generated by the authenticator. For example, to connect to the Kerio Control Statistics page:
- Type the Kerio Control Statistics URL in your browser.
- On the login screen, type your username and password.
- Click Login. The 2-step verification page appears.
- Open the authenticator and type the Kerio Control code in the box provided.
- Select Remember me on this device. Your browser remember you on this device until the expiry time (in days) configured by the administrator, so you do not have to type the code every time.
- Click Verify.
Kerio Control redirects you to Kerio Control Statistics.
Disabling the 2-step verification
- Type the Kerio Control Statistics URL in your browser.
- On the login screen, type your username and password and then the verification code.
- On the Kerio Control Statistics page, click 2-Step Verification.
- Generate a new code in your authenticator.
- Type the code in the Verification code field.
- Click Disable.
Kerio Control disables the 2-step verification for your account.
From now on, the 2-step verification is in the initial state and you can enable it again.
IMPORTANT
If you lose your mobile device, ask your system administrator to disable the 2-step verification for you. If your administrator sets the 2-step verification as compulsory, you must enable it in Kerio Control Statistics again before accessing your company network from the Internet.
Enabling the 2-step verification when you use Kerio Control VPN Client
- Install Kerio Control VPN Client 8.5 or later.
- Connect to Kerio Control VPN Client as usual.
- Kerio Control VPN Client automatically opens the 2-step verification page in your browser:
- If you have a device paired with your account, type the new code from your authenticator. For more information refer to Enabling the 2-step verification.
- If you don't have a device paired with your account, click Continue and follow the steps in Enabling the 2-step verification above.
Enabling the 2-step verification when you use IPsec VPN client
- Connect to IPsec VPN client as usual.
- Go to your browser and open any page. Kerio Control opens the 2-step verification dialog box:
- If you have a device paired with your account, type the new code from your authenticator.
- If you don't have a device paired with your account, click Continue and follow the steps in Enabling the 2-step verification above. For more information refer to Enabling the 2-step verification.