Overview
Two-factor authentication (2FA), also called multi-factor authentication (MFA), improves security by requiring something a person knows (the password) and something they have when signing in. This is typically done with a hardware key (e.g. YubiKey) or smartphone (e.g. Authy app or text message). KORE strongly recommends enabling 2FA for your CRM to protect your systems.
However, KORE’s software must be able to sign in to your CRM and cannot use such devices. This page explains how to make an exception for the service account we use so that you can enable 2FA for your users.
Important: Advise your KORE Success Consultant before enabling 2FA so we can ensure your services won't be disrupted.
Dynamics 365
Microsoft allows you to create an “app password” to use in situations where 2FA can’t be used. This is a special password that is used in place of the real password. It’s very long and random, and it can be revoked at any time. Never use the same app password with more than one app.
- (New customers) Create the service account.
- Generate a unique app password for the service account.
- Provide the password to KORE using our Secure Information Transfer.
Salesforce
Salesforce allows you to restrict an account to API access only. This means that no one can use it to access the web interface. You can then enable the "Two-Factor Authentication for User Interface Logins" option.
- (New customers) Create the service account.
- Give the service account a very strong password—use at least 30 randomly generated characters.
- Set the account’s access to API Only with “Modify All” permission.
- Provide the password to KORE using our Secure Information Transfer.
Why can’t KORE use 2FA with the service account?
KORE uses the service account to perform automated tasks; there’s no human there to provide the second factor. (KORE employees are prohibited from manually signing in to your CRM using the service account.) Thus, KORE’s software would have to know how to generate an authorization code. This defeats the purpose of 2FA, since the second factor would just become another thing the software “knows”. Since no other restrictions would be placed on the service account, it would become a “weak link” in your security.
This logic applies to any automated sign-in, not just KORE products.
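The point above, shown as an added example (not KORE's code): it assumes the second factor is a time-based one-time code (RFC 6238 TOTP) of the kind an authenticator app produces. The seed and password are constructed samples, and `codes_from_copy` is a hypothetical helper showing that a copy of the stored seed yields the same codes as the automated client.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the stored seed and the clock."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)      # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed sample: the seed used by the RFC 6238 test vectors, base32-encoded.
SAMPLE_SEED = base64.b32encode(b"12345678901234567890").decode()

# What an unattended client would have to store to answer a 2FA prompt:
# two static secrets side by side, both "something the software knows".
stored_credentials = {
    "password": "constructed-sample-password",
    "totp_seed": SAMPLE_SEED,
}


def codes_from_copy(store, times):
    """Hypothetical helper: any copy of the store derives the client's codes."""
    return [totp(store["totp_seed"], t) for t in times]


if __name__ == "__main__":
    for t in (59, 1111111109):
        client_code = totp(stored_credentials["totp_seed"], t)
        copy_code = codes_from_copy(dict(stored_credentials), [t])[0]
        print(t, client_code, copy_code, client_code == copy_code)
```

Because the code depends only on the seed and the time, storing the seed next to the password adds no independent factor, which is why the page restricts the service account instead (a revocable app password, or API-only access).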