Two-Factor Authentication (2FA) is a security process that adds an extra layer of protection when accessing online accounts. This usually means using a password and a code sent to your phone number and email registered in KAMI, and an authenticator app. It adds extra security beyond just a password, making it harder for unauthorized users to get in.

Let's dive in how to get this activated in KAMI in just a few steps!

User Rights Settings

Firstly, you will need to activate "Require 2fa" via My Team > Settings > User Rights per role.

This allows specific role to only have 2FA activated per company.

2FA Methods

Once the 2FA has been activated, and employee has been invited to KAMI, they have the flexibility to select their preferred security method, and can transition between them at their convenience to suit requirements.

KAMI has the following available Two-Factor Authentication methods:

1. Email: If you prefer to communicate via email, you can select this option in your account settings. It is commonly offered as an option due to its widespread accessibility, convenience, and reliability as a backup method.
2. SMS (text messages): Alternatively, you may choose to receive the security code via SMS. This option is great for quick updates and notifications that you need to receive on the go.
3. TOTP (Time-based One-Time Password): This method requires an authenticator app (Google Authenticator). It adds extra security by creating temporary passwords that expire quickly, enhancing the safeguarding of sensitive information. For optimal account security, we highly recommend this method.

Only admins can disable the two-factor authentication. 

How does this work? 

Once activated, employee has to choose which 2FA method they would like to use going forward.

Email

Alongside the set password, the employee must enter a verification code sent to their email registered in KAMI upon logging in. This measure safeguards your account against unauthorized access, ensuring exclusive login capability.

The unique code is only valid for 10 minutes.

SMS (short message service)

Once enabled, the employee will receive a unique code via text message (SMS) to the mobile number registered in KAMI each time they attempt to log in to the system. This code is required to complete the login process.

TOTP (time-based one-time password)

This is an additional layer of security that uses a time-based algorithm to generate a unique, temporary code for each login attempt. Once TOTP is enabled, the employee will need to enter a code generated by an authenticator app each time they log-in to the system.

When an employee chooses TOTP as 2FA method, the KAMI app will give them one-time backup codes that provide access when two-factor authentication is not possible.

Employee has to SAVE this as these codes cannot be viewed again and regenerating codes invalidates the old ones.

Follow the instruction from the app to activate TOTP authenticator app. Highly suggest to use Google Authenticator app.