Koha Tutorial Videos
Monday Minutes: two-factor authentication in the staff interface
In this week's Monday Minutes, Kelly and Jessie will show you how two-factor authentication in the staff interface works. Koha now offers the ability to set up two-factor authentication (2FA) for logging into the staff interface.
This two-factor authentication uses a time-based one-time password (TOTP). A TOTP is a password that can only be used once and is only valid for a limited time.
Staff can use an authentication app to generate TOTPs. Any authenticator app, such as Google Authenticator, and OTP, FreeOTP, and many others can be used. Applications that enable the backup of their 2FA accounts (either cloud-based or automatic) are recommended.
System Preference
- First, you will want to navigate to administration and select Global System Preferences.
- Search for TwoFactorAuthentication.
- You will have 3 options, enable, don't enable and enforce.
- Turn on the two-factor authentication by selecting enable.
- Click save all staff interface preferences.
My Account
- Navigate to My Account (your patron account).
- Select the More dropdown from your account and select manage two-factor authentication
- The status should be ‘Disabled’ when first going to this page.
- Click the button to enable two factor authentication
- A QR code will be presented on the screen. Scan the code using an authenticator app from the suggestions above.
- Once the QR code is scanned, the app will return a time-based PIN code.
- Enter the PIN in the PIN code field and click ‘Register with two-factor app’.
- The status of the two-factor authentication will now be enabled.
Logging into the Staff Interface
- You will enter your username and password and click login.
- You will then be prompted to enter a pin
- Open your authenticator app, generate a time-based one-time password, and enter it in the field in order to log in.
Disable Two-Factor Authentication
If you would like to disable two-factor authentication, follow the steps below.
- Navigate to your account in the staff interface.
- Select the More dropdown and then Manage two-factor authentication.
- Click ‘Disable two-factor authentication’.
Read more by Jessie Zairo