Overview
You can protect your Kerio Control account and access to your company network by requiring two independent authentication steps, so-called 2-step verification.
Note: for the iOS and Android devices, the 2-FA verification page needs to be opened manually. In the browser type https://CONTROL-IP:4080//nonauth/totpVerify.cs to successfully browse the Internet. Remember to replace <CONTROL-IP> with the IP address or Hostname of your firewall.
When you want to access your company network or connect to Kerio Control Statistics from the Internet through VPN, you must use your credentials to authenticate in a special verification window and also type a special time-limited code generated by the mobile application such as:
- Google Authenticator — Available for iOS, Android;
- FreeOTP Authenticator — iOS and Android;
- Authenticator for iOS;
- WinAuth for Windows OS;
- Authy for Windows, Linux, Mac, iOS, and Android.
Solution
Enabling the 2-step verification
You can enable the 2-step verification in your account in Kerio Control Statistics.
NOTE: If your administrator sets the 2-step verification as a compulsory requirement, you must follow the steps in this section to enable the 2-step verification.
- Install the Authenticator application on your mobile device to pair the device with your Kerio Control account.
- Log in to your account in Kerio Control Statistics.
- Click 2-Step Verification.
- Open the Authenticator application and scan a QR code or type the code displayed below the QR code. You get a six-digit verification code that is time-limited. The Authenticator generates a new code every 30 seconds. All codes generated on the basis of the Kerio Control QR code are valid for Kerio Control authentication.
- Type the verification code in Kerio Control Statistics, as presented below.
- Click Verify.
From now on, you can authenticate with the verification code generated by the Authenticator. For example, to connect to the Kerio Control Statistics page:
- Type the Kerio Control Statistics URL in your browser.
- On the login screen, type your username and password.
- Click Login. The 2-step verification page appears.
- Open the Authenticator and type the Kerio Control code in the box provided.
- Select Remember me on this device. Your browser remembers the connection for the next 30 days from the last connection, so you do not have to type the code every time.
- Click Verify.
Enabling the 2-step verification when you use Kerio Control VPN Client
- Install Kerio Control VPN Client 8.5 or later.
- Connect to Kerio Control VPN Client as usual.
- Kerio Control VPN Client automatically opens the 2-step verification page in your browser:
- If you have a device paired with your account, type the new code from your Authenticator.
- If you do not have a device paired with your account, click Continue and follow the steps in Enabling the 2-step verification above.
Enabling the 2-step verification when you use IPsec VPN client
- Connect to IPsec VPN client as usual.
- Go to your browser and open any page. Kerio Control opens the 2-step verification dialog box:
- If you have a device paired with your account, type the new code from your Authenticator.
- If you do not have a device paired with your account, click Continue and follow the steps in Enabling the 2-step verification above.
Testing
Kerio Control redirects you to Kerio Control Statistics and you have successfully configured the 2-step verification process in Kerio Control Statistics.