Note: This page applies to KORE’s standalone products (e.g., Helix, Activate, etc.) which use KOREAuth. It does not apply to organizations using an identity provider for SSO (single sign on). For Dynamics or Salesforce sign-in, see using two-factor authentication with your CRM.
Overview
Two-factor authentication (2FA), also called multi-factor authentication (MFA), improves security by requiring something a person knows (the password) and something they have when signing in. KORE products support 2FA using six-digit codes generated by an app on your phone.
Important: New accounts must use 2FA, but it is optional for existing users. In the future, 2FA will become mandatory for all users. KORE will notify all customers before this policy change takes effect.
For security, 2FA cannot be turned off once it is enabled.
Required app
You will need an app for your phone which generates TOTP (time-based one-time password) codes:
Other apps supporting the TOTP standard (such as Authy) should work, but the KORE Support team cannot provide assistance with using them.
Setup
Begin by opening a KORE standalone product (e.g., Helix, Activate, etc.) in your browser.
- If you aren't signed in, enter your email address and password as usual. You’ll then be prompted to set up 2FA or temporarily skip this. Click the Set up button to open the 2FA configuration page.
- If you're already signed in, navigate to Manage Account > Profile > Security and select the KORE User Setting button. Then click the Set up button to open the 2FA configuration page.
This page displays a QR code which you can scan using your 2FA app. (Alternatively, you can manually enter the string of 32 random characters.) This is called the “secret” and the authenticator app uses an algorithm to calculate a six-digit code from the secret and the current time. This is why the codes expire every 30 seconds.
Caution: It is crucially important to keep the secret safe. Do not print it, write it down, or save it! After adding it to your authenticator app in this step, you will never need it again.
Once your app has the secret, it can generate codes. Enter the current code into the Verification Code field and click Verify. The system will use that code to confirm your app is configured correctly.
Finally, the system will provide you with a set of recovery codes. These allow you to sign in if you don’t have access to your device with the authenticator app. Write these down in a safe place. Each recovery code can only be used once, so scratch it out after using one.
The system will now prompt you for a six-digit code each time you sign in.
Changing your device
If your authenticator app supports backups (e.g., Microsoft or Authy), you can easily move your credentials to a new phone. Follow the app’s instructions to do so.
If your app doesn’t support backups (e.g., Google) or if you didn’t enable backups, then you’ll need to go through the setup process again and create a new secret.
- Sign into a KORE standalone application. (Use a recovery code if you no longer have your old phone.)
- Open KORE User Settings.
- Click the 2FA Reset button.
This will take you through the same setup flow described above. Once you verify a six-digit code using the new secret, the old secret will be invalidated. This also invalidates the old recovery codes—the system will provide you with a fresh set.
Recovery from full loss of access
If you lose your device and your recovery codes, you must contact KORE to have your secret reset. To guard against social engineering attacks, you will be required to prove your identity and current employment status.