Two-factor authentication

Two-factor authentication (2FA) provides an additional layer of security to your Kissflow account by requiring more than just a password to sign in. Once enabled for your account, users will be prompted to enter a code along with their username and password. This feature is only available in Enterprise plan.

2FA enrollment

2FA enrollment is disabled for every user by default. Kissflow IAM Admins can set the two-factor authentication enrollment for every user in the account and change it to recommended or mandatory status.

Enabling 2FA for users

If the IAM Admin has made 2FA recommended or mandatory, users will see the 2FA widget under My settings > Security. After turning on the 2FA widget, you can choose to receive the sign in code in two different ways:

  • Email: The code is sent to your email address. Nothing needs to be configured if you choose this. 
  • Authentication app: The code is generated by an authenticator on your mobile device or computer.


Configuring 2FA using an authentication app

Kissflow 2FA supports authentication apps such as Google Authenticator, Authy, 1Password, LastPass, etc. 

  1. Turn on the 2FA widget.
  2. Click the authentication app Set up button. Youโ€™ll see this popup box.

  3. Open the authentication app on your device. 
  4. Scan the QR code.
  5. Enter the six-digit code into the popup on Kissflow.
  6. Click Verify to complete the setup.

In order to configure a different authentication app, you must first disable your existing authentication app from your Kissflow account.

Signing in with 2FA enabled

Signing in with 2FA enabled is only slightly different than a normal sign in. Enter your username and password credentials as you normally would, and you'll be presented with a second prompt, depending on which type of 2FA mode you've enabled. 

Signing in using a code sent to your email

Use the code sent to your email. It is valid for five minutes.

Signing in using an authentication app

When prompted during sign in, enter the six-digit code generated by your authentication application.