Configuring Two-Factor Authentication

Two-factor authentication (2FA) adds a second check to OpenKM logins. In addition to the usual username and password, once those have been verified the user is asked for a six-digit one-time code generated by a mobile application, Google Authenticator.

Compliance

OpenKM's two-factor authentication is a two-step verification based on one-time passwords (OTP): the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms that Google Authenticator implements.

It has been tested with:

It should also work with other applications such as:

Prerequisite

Because the two-factor authentication has been implemented around Google Authenticator, you need to download and install that application from Google Play or the Apple App Store.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Once installed and set up, the application does not need an Internet connection: each code is computed from the shared secret and the phone's clock. For that reason the phone's clock must be reasonably accurate, or the codes it shows will not be accepted by the server.

OpenKM configuration

Each user can configure their own account to use 2FA. To do so, go to KCenter (top right) > Settings > Settings tab > Two-factor authentication.

If the administrator has enabled 2FA, a new 2FA option appears at the bottom of the User Configuration dialog. Depending on whether 2FA has already been set up for your account, you will see:

  • Disable button: if 2FA has already been configured for this user.
  • Enable button: if 2FA has not been configured yet.

If you click the Enable button, a new window with the following parameters will appear:

  • The current user ID to be configured.
  • A QR code that you should scan with the Google Authenticator application.
  • A text box where you must enter the verification code generated by Google Authenticator (after the QR code has been scanned).

Once you have completed these steps, click the Accept button. Entering a code at this point confirms that the secret was scanned correctly before 2FA is switched on for the account.

Scan QR code

To scan the QR code, open Google Authenticator on your mobile and perform the following steps:

  1. Click on Configure account.
  2. Select Scan code.
  3. Point your mobile device at the QR image on the screen.
  4. Once the image is properly scanned, the account for OpenKM is added.
  5. The application now shows a six-digit code, which you will have to enter when OpenKM asks for it.

These codes are time-based: Google Authenticator generates a new one every 30 seconds, and a code is only accepted within a short window around the time it was generated. If you watch the Google Authenticator screen, you will see the code change periodically.

Google Authenticator use

Once 2FA is configured on your OpenKM account, the next time you log in to OpenKM, after your username and password have been verified, a new screen will ask for the code shown in the Google Authenticator application you configured earlier.