Using Two-Factor Authentication

The two-factor authentication in Kintone uses "The fact that only that user knows" and "The thing that only that user possesses" for the authentication.
For details, refer to "What is Two-Factor Authentication".

Combination of authentication factors
The fact that only that user knows The thing that only that user possesses
Login name and password Verification code of the authentication app installed on the mobile device

STEP 1: Allowing Users to Use Two-Factor Authentication

To use the two-factor authentication, administrators need to allow users to use it.

  1. Access the Kintone Users & System Administration screen.

  2. Under "Security", click Login.
    Image of Login link

  3. In the "Two-Factor Authentication" section, select "Allow users to use two-factor authentication".

    By default, the "Allow users to use two-factor authentication" option is selected.
    If you do not want to change the setting, skip step 4.

    Image which shows items of two-factor authentication

  4. Click Save.

  5. Review your password policy based on the usage scenario.
    For details, refer to "Specifying Password Complexity and Password Expiration".

STEP 2: Confirming Settings of IP Address Restrictions

Confirm the types of networks users are using.
Your configuration varies depending on whether the IP address is fixed or not.

Access from Dynamic IP Addresses

In the samples of networks below, IP addresses are not fixed.

Samples of networks:

  • Using a public wireless LAN or a hotel's guest LAN during the business trip
  • Using a home network when working remotely
  • Using a mobile network (such as 4G) outside the office

If you want to allow accesses from dynamic IP addresses to Kintone, select "Allow all" for IP Address Restrictions. The default value for IP Address Restrictions is "Allow all". After you configure this setting, the two-factor authentication becomes available, also in the above-mentioned scenarios.
  1. Refer to the procedure to open the screen to set IP Address Restrictions.

  2. Select "Allow all" option for IP Address Restrictions.
    Screen to set the Access Control

  3. Proceed to step 3.
    If you have completed the step 2 above, users can access Kintone from any networks.
    Inform users that they should enable the two-factor authentication.

Access from Fixed IP Addresses

If IP addresses are fixed, you can configure IP address restrictions to allow accesses only from those addresses.
In this case, accesses from mobile networks such as 4G are prohibited.

  1. Refer to the procedure to open the screen to set IP Address Restrictions.

  2. Select "Allow specific IP addresses" option for IP Address Restrictions, and specify IP addresses.
    Screen to set the Access Control

  3. Proceed to step 3.
    Skip step 3 if you do not allow users to use the two-factor authentication.

STEP 3: Informing Users on How to Enable Two-Factor Authentication

Inform users based on your configuration in step 2.

  • Access from dynamic IP addresses:
    The security level is low because the "Allow all" option for IP Address Restrictions has been selected in step 2.
    To prevent unauthorized access, inform all users that they should enable the two-factor authentication.
  • Access from fixed IP addresses:
    Inform users only who use the two-factor authentication on the following:
  1. Inform users on the following.