Note: This page applies to KORE’s standalone products (e.g., Helix, Activate, etc.) which use KOREAuth. It does not apply to organizations using an identity provider for SSO (single sign-on). For Dynamics or Salesforce sign-in, see using two-factor authentication with your CRM.
Overview
Multi-Factor Authentication (MFA), also called Two-Factor Authentication (2FA), improves security by requiring something a person knows (the password) and something they have when signing in. KORE products support MFA using six-digit codes generated by an app on your phone.
Important: As of 2024, MFA became mandatory for all users.
Required app
You will need an app for your phone which generates TOTP (time-based one-time password) codes:
Other apps supporting the TOTP standard (such as Authy) should work, but the KORE Support team cannot provide assistance with using them.
Setup
Begin by opening a KORE standalone product (e.g., Helix, Activate, etc.) in your browser.
- If you aren't signed in, enter your email address and password as usual. You’ll then be prompted to set up MFA. Click the Set up button to open the MFA configuration page.
- If you're already signed in, navigate to Manage Account > Profile > Security and select the KORE User Setting button. Then click the Set up button to open the MFA configuration page.
This page displays a QR code which you can scan using your MFA app. (Alternatively, you can manually enter the string of 32 random characters.) This string is called the “secret”. The authenticator app uses an algorithm to calculate a six-digit code from the secret and the current time, which is why the codes expire every 30 seconds.
Caution: It is crucially important to keep the secret safe. Do not print it, write it down, or save it! After adding it to your authenticator app in this step, you will never need it again.
Once your app has the secret, it can generate codes. Enter the current code into the Verification Code field and click Verify. The system will use that code to confirm your app is configured correctly.
Finally, the system will provide you with a set of recovery codes. These allow you to sign in if you don’t have access to your device with the authenticator app. Write these down in a safe place. Each recovery code can only be used once, so cross each one out after you use it.
The system will now prompt you for a six-digit code each time you sign in.
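How the six-digit code is derived from the secret and the current time, and how a server can check it, shown as an added example (this is not KORE's code). It assumes the TOTP defaults from RFC 6238 (HMAC-SHA1, 30-second steps); the sample secret and the one-step clock-drift tolerance are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid, as stated on this page
DIGITS = 6   # six-digit codes, as stated on this page


def totp(secret_b32: str, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1 assumed) for the time step containing Unix time `at`."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", max(0, int(at) // STEP))  # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, at: float, drift_steps: int = 1) -> bool:
    """Server-side check; drift_steps (an assumption) tolerates small clock skew."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, at + d * STEP)
        # Constant-time comparison, evaluated for every candidate step.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


# Constructed sample secret (32 base32 characters), not a real credential.
# It encodes the published RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "accepted now:", verify(SAMPLE_SECRET, code, now))
    print("accepted 5 minutes later:", verify(SAMPLE_SECRET, code, now + 300))
```

The secret and the clock are the only inputs, so any copy of the secret yields the same valid codes; that is the reason it must not be printed or saved.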
Changing your device
If your authenticator app supports backups (e.g., Microsoft or Authy), you can easily move your credentials to a new phone. Follow the app’s instructions to do so.
If your app doesn’t support backups (e.g., Google) or if you didn’t enable backups, then you’ll need to go through the setup process again and create a new secret.
- Navigate to KORE User Settings in KOREAuth - https://koreauth.koresoftware.com/manage/index
- Click the MFA Reset button
This will take you through the same setup flow described above. Once you verify a six-digit code using the new secret, the old secret will be invalidated. This also invalidates the old recovery codes—the system will provide you with a fresh set.
Recovery from full loss of access
If you lose your device, you can log in using a recovery code. During the initial configuration of Multi-Factor Authentication, you were provided with 5 recovery codes. You can use any of these recovery codes (each only one time) to temporarily log in. Once successfully logged in, you will need to reconfigure MFA on your device.
To log in using recovery codes:
- During the login process, when you are prompted to enter your MFA Token, click on the link “Use recovery codes instead”
- Enter one of the recovery codes provided during initial setup of MFA. (Note: Once a recovery code is used to log in, it can no longer be used)
- You will be redirected to the KORE User Settings page
- Click on the “Reset” button under “Two-Factor Authentication”, to start the process of re-configuring Two-Factor Authentication
Important: If you lose your recovery codes, you must contact your IT Administrators to have your secret reset. To guard against social engineering attacks, you will be required to prove your identity.
How to Perform an MFA reset (For System Administrators)
- Validate an MFA reset is needed
- Log in to the Management Portal https://management.koresoftware.com/
- Find and edit the user
- Click the “Reset” button under the section “Reset Multi-factor Authentication”, review validation steps, and click Continue.
- The user will receive a confirmation email, with a link to perform the MFA reset. (Note: MFA will remain enabled until the user continues with the reset process)
- The user will be required to reconfigure MFA