1. Home
  2. OpenKM 6.4
  3. Setup
  4. Configuring Two Factor Authentication
  1.  

OpenKM 6.4
Hardware and software requirements
Installation
Setup
Antivirus configuration
Cleaning older activity log data
Configuring Apache HTTP Reverse-Proxy
Configuring Apache HTTP for changing context URL
Configuring Apache HTTPS Reverse-Proxy
Configuring Nginx HTTP Reverse-Proxy
Configuring Lucene Analyzer
Configuring OCR engine
Configuring OpenSSL
Configuring SWFTools
Configuring mail
Configuring Tomcat memory utilization
Configuring Tomcat port
Configuring Tomcat session timeout
Configuring Tomcat timezone
Configuring safe trash purge
Configuring Tomcat to work behind an Internet proxy
Change repository home
Change default role names
Enable extensions
Enable WebDAV
LDAP configuration
Log configuration
LibreOffice configuration
Security configuration
SSO Configuration
Configuring Google Drive
Configuring document expiration
Configuring Joomla integration
Configuring Wordpress integration
Configuring Two Factor Authentication
Configuring CIFS
Configuring Dropbox
Cache configuration
Configuring CADViewer
Configuring VidSigner
Configuring search highlighter
Troubleshooting
Administration guide
User guide
Migration guide
Development

Configuring Two Factor Authentication

Two factor authentication (2FA) provides extra security to OpenKM login. In addition to the typical login and password, once the user is authenticated, will be asked for an extra six digits code generate in a mobile application called Google Authenticator.

Prerequisite

Because two factor authentication has been implemented using Google Authenticator, it is necessary to download and install the application from Google Play or Apple market.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Once installed and configured, this application does not event need Internet connection.

OpenKM configuration

Each user can configure his own account to use 2FA. To do it, he has to go to Tools > Preferences > User Configuration.

If 2FA was enabled by the administrador, at the bottom of the User Configuration dialog you would be able to see a new option 2FA. Depending on whether 2FA is enabled ypu would see:

  • Disable button: is 2FA was already configured for this user.
  • Enable button: is 2FA has not been configured yet.

If you click on enable button, a new window with the following parameters will appear:

  • The current user id to be configured.
  • A QR code which you should scan from Google Authenticator application.
  • A text box where you have to write the verification code generated by Google Authenticator (once QR code has been scanned).

Once you have complete these steps, please click on the accept button.

Scan QR code

To scan the QR code, open Google Authenticator on your mobile and perfom the following steps:

  1. Click on configure account.
  2. Select Scan code.
  3. Focus the mobile toward the the QR image of the screen.
  4. Once the image is properly scanned the accound for OpenKM is added.
  5. Now you will see a square with a number (code) which you will have to introduce when required.

These generated codes are time based: they will expiry every 60 seconds. If you pay attention to Google Authenticator screen, you will see how the code changes every period of time. 

Google Authenticator use

Once 2FA is configured on your OpenKM account, next time you log into OpenKM, after your login and password are verified, a new screen will appear, where it will be required to fill in, a code that it will have to be obtained from the application previously configured inside Google Authenticator application.

© OpenKM kcenter v.1.0.0 (build: d51a7b0). All Rights Reserved. Documentation license