Set up two-factor authentication using Passkey in the Kuroco administration screen.
Overview
You can set up two-factor authentication with Passkey Kuroco admin login. It can be configured to use with password or passwordless as well.
What you'll learn
You'll learn how to set up two-factor authentication with passkey by following these steps:
- Enabling the use of passkey
- Registering a passkey
- Registering a passwordless passkey
- Making passkey usage mandatory
Setting up Passkey
You can enable the use of Passkey in [Environment Settings] -> [Site Management], but if you set it to [Required], existing users without registered passkeys will not be able to log in to the admin page until they create a passkey during the login process.
In this tutorial, we will introduce the process of optionally setting up the use of passkey, and after each user has completed their registration of passkey, we will explain the [required] settings.
Enabling the use of passkey
Click [Environment] -> [Site settings].
Set the Enable Passkey Use in the Login section to [Use].
Registering a passkey
You can register a passkey from the member settings in the admin page. Go to your member information by clicking [Member] -> [Member] or by clicking your icon in the upper right corner of the admin page.
Click [Set up] for Passkey in the ID information tab.
The passkey setup screen will open, so click [Register].
It will prompt to register the passkey, the actual prompt depends on device to device. Some example will be like below:
For a Software based Passkey, like Proton Password Manager:
For a MacOS device, an OS level prompt will be shown:
For a browser based passkey, like Chrome:
Once the registration of the Passkeys is complete and you return to the member information page, the setup is finished.
Multiple Passkeys can be added. To add another Passkey, click on [Register a new Passkey].
Various Passkeys can have different names, this makes it easy to remember.
Passkeys can be temporarily disabled, this is useful when you are not using a particular device. To disable a Passkey, change the [Enabled] toggle to off position.
From the next login, after entering your ID (or email address) and password, you will need to authorize with one of the registered Passkeys.
Registering a passwordless passkey
A passwordless passkey enables the user to login without needing to enter the username/email and password. This needs to be allowed site wide first. To enable, change the toggle for [Enable Passkey use without LoginID-Password] to enabled from [Environment Settings] -> [Site Management].
This will enable the user to login with just the passkey. The users need to enable existing Passkeys to be used as passwordless. To enable, change the toggle for [Use Passwordless] to enabled from the Passkey settings.
New Passkeys registered will automatically be registered as Passwordless Passkeys. A user can have a combination of passwordless and password based Passkeys.
To login, users can select Passwordless Passkey option and use their configured Passwordless Passkeys to login.
Making passkey usage mandatory
Finally, change the Enable Passkey Use setting to [Required] from [Environment Settings] -> [Site Management].
Existing users who have not registered a Passkey will be unable to log in to the admin panel until they complete Passkey registration. Upon login, they will be shown the Passkey registration screen. Additionally, new users will be shown the Passkey registration screen during their first login.
If there is any other two-factor authentication also set as required. Then either one of the required two-factor authentication methods will be required. User will have a choice on which one to register.
That's it! You have completed setting up two-factor authentication with passkey.
How to Disable Passkeys
If you have lost a device which was being used as a Passkey and you need to disable the passkey, you cannot do it yourself as the user in question.
Please contact the site administrator and request them to disable the passkey from the member information on the administration panel.
Once all the Passkeys are removed, then the user can login with just the username/email and password and re-register a new Passkey.
Support
If you have any other questions, please contact us or check out Our Slack Community.