Skip to main content

Set up two-factor authentication using one-time passwords in the Kuroco administration screen.

Overview

You can set up two-factor authentication with one-time password for Kuroco admin login. Google Authenticator is used to issue one-time passwords.

What you'll learn

You'll learn how to set up two-factor authentication with one-time password by following these steps:

Setting up One-Time Passwords

You can enable the use of one-time passwords in [Environment Settings] -> [Site Management], but if you set it to [Required], existing users without registered one-time passwords will not be able to log in to the admin page.

In this tutorial, we will introduce the process of optionally setting up the use of one-time passwords, and after each user has completed their registration of the one-time password, we will explain the [required] settings.

For new users added, the one-time password registration screen will be displayed after their first login.

Enabling the use of one-time passwords

Click [Environment] -> [Site settings].
Image from Gyazo

Set the Authentication code in the Login section to [Use].
Image from Gyazo

Registering a one-time password

You can register a one-time password from the member settings in the admin page. Go to your member information by clicking [Member] -> [Member] or by clicking your icon in the upper right corner of the admin page.

Image from Gyazo

Click [Set up] for 2-Step Verification in the ID information tab.
Image from Gyazo

The one-time password setup screen will open, so click [Register].
Image from Gyazo

Open the Google Authenticator app, scan the QR code, and enter the 6-digit authentication code.
Image from Gyazo

Once you see the message "Registered", the setup is complete.
Image from Gyazo

From the next login, after entering your ID (or email address) and password, you will need to enter a one-time password.
Image from Gyazo

Making one-time password usage mandatory

Finally, change the one-time password setting to [Required] from [Environment Settings] -> [Site Management].

Image from Gyazo

Existing users who have not registered a one-time password will no longer be able to log into the administration screen, and new users will be prompted to register a one-time password during their initial login.

That's it! You have completed setting up two-factor authentication with one-time password.

How to Disable One-Time Passwords

If you have lost a device where Google Authenticator was installed and you need to disable the one-time passwords, you cannot do it yourself as the user in question.

Please contact the site administrator and request them to disable the one-time password from the member information on the administration panel.

Image from Gyazo


Support

If you have any other questions, please contact us or check out Our Slack Community.