In the February 8, 2025 major Kahua release (v2025.1), Kahua will be enabling multi-factor authentication (MFA) for all customer domains. This advanced security measure requires users to provide two forms of identification – a password and a second factor like a Time-based One-Time Password (TOTP) or an email-based verification code. Designed with user experience in mind, our MFA implementation is not only robust and reliable but also straightforward and user-friendly. This update underscores our commitment to safeguarding user data and providing a secure environment for all our customers. This enhancement will greatly contribute to the overall security of our platform, aligning with the latest industry standards in cybersecurity.
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is an account login process that uses more than one method to verify your identity. You’ve probably already used MFA with other consumer websites and apps, where after entering your username and password, you are sent a code that you are required to enter to verify your identity. Most consumer apps send a text message with a code to your mobile device.
Kahua MFA will work similarly. After entering in your username and password, you will receive a code to enter on the login screen. You will obtain the code either from your email or from an authenticator app on your mobile device such as Microsoft Authenticator or Google Authenticator.
Who will be affected?
All users who currently authenticate only using email address and password will be affected and will be required to use one of the MFA methods each time they login. Users who already authenticate with Kahua MFA or an SSO provider will not experience any changes.
What can I expect?
If you currently authenticate with only an email address and password, you will still enter your email address and password, and then you’ll be guided through the multi-factor authentication (MFA) portion of the authentication sequence.
After successfully entering your email address and password, you will choose one of the MFA methods, retrieve the MFA code, and then enter that code in Kahua to successfully authenticate.
Which MFA methods are supported?
Kahua MFA supports both email and time-based one-time password (TOTP) methods.
The email MFA method will send the required code to the same email address you use to access Kahua. You will enter that code into Kahua.
The TOTP (time-based one-time password) MFA method uses an authenticator app such as Microsoft Authenticator or Google Authenticator to produce the code. You will need to download the app to your mobile device. That code will be used to authenticate
How do I use an Authenticator App for MFA?
Using the Authenticator app method does require a few additional steps in order to install the app on your iOS or Android mobile device and establish the relationship between your mobile device and your Kahua account. Instructions are provided every step of the way if you opt for the TOTP method and authenticator app, but the video above will also demonstrate the steps to enroll.
Can Kahua MFA be disabled?
No, Kahua MFA cannot be disabled. Kahua MFA is in place for the safety and security of you and your data. Email address + password + MFA is the new “standard” authentication process for Kahua.
What if I already use SSO to authenticate?
Your authentication experience will continue to be the same as it is today.
What if I already use Kahua MFA?
Your authentication experience will continue to be the same as it is today.
For a detailed demonstration of both MFA methods, please watch this video.
For more information, please refer to Multifactor Authentication.
If you are a domain administrator, please refer to Managing Multifactor Authentication in your domain.