Configuring 2-step verification

NOTE

Watch the 2-step verification video.

The 2-step verificationSecurity authentication which includes two steps, which includes password and a special time-limited code. adds an extra layer of security to your account by using an application on the user's smartphone to confirm their identity.

NOTE

It is possible to enable the option to force hostname for clients connected via the Kerio VPNVirtual private network - A network that enables users connect securely to a private network over the Internet. for 2-factor authentication. For more information, refer to Configuring Hostname Settings

This type of verification protects access to Kerio Control and your LANLocal area network - A network that connects computers and other devices in a small area. from the Internet with two independent steps. Users must use their credentials to authenticate and also type a special time-limited code generated by an authentication application on their phones or computers that supports RFC 6238, such as

The 2-step verification protects all interfaces accessible from the Internet:

Users must use the verification code every time they try to connect to the Kerio Control network from the Internet. If they select Remember me on this device, their browser remembers the connection for the next 30 days from the last connection.

Configuring the 2-step verification in Kerio Control Administration

Users can set up their 2-step verification in Kerio Control Statistics themselves. For more information refer to Authenticating with 2-step verification.

As an administrator, you can also require the use of 2-step verification:

  1. In the administration interface, go to Domains and User Login > Security Options.
  2. Select Require 2-step verification.
  3. Select Allow remote configuration to allow users to pair their mobile device with their Kerio Control account remotely. If you disable this option, users must pair their devices from the local network only.

  4. Click Apply.

Kerio Control now starts to require the 2-step verification. Users must pair their mobile devices with their Kerio Control account. They authenticate to the Kerio Control network with their credentials and a verification code.

Disabling the 2-step verification for a particular user

If a user loses the mobile device associated with 2-step verification, you must disable the 2-step verification for that user account. Otherwise, the user cannot access the Kerio Control network from the Internet. There are two ways to disable 2-step verification on a user account:

Using the context menu in Users administration to disable 2-step verification

  1. In Kerio Control Administration, go to Users and Groups > Users.
  2. Right-click the user whose access you need to change.
  3. In the context menu, click Disable 2-step verification.

The context menu displayed in the Users administration panel.

Using the More Actions button in Users administration to disable 2-step verification

  1. In Kerio Control Administration, go to Users and Groups > Users.
  2. Click the user account you want to disable 2-step verification for
  3. Click More Actions > Disable 2-step verification

The user can now enable 2-step verification in Kerio Control Statistics with a new mobile device.

Enabling the 2-step verification in Kerio Control Statistics

Users can enable the 2-step verification in their account in Kerio Control Statistics. For more information refer to Authenticating with 2-step verification.