Enabling 2FA for End User Machine Logons

Use this procedure to require two factor authentication (2FA) for any user logging on to any machine managed by a Kaseya agent. The feature requires deploying an additional agent—called an AuthAnvil agent—to a Kaseya agent machine.

1. Navigate to the Two Factor Auth module.
2. On the Manage Agent Groups page.
   • Click Add Group to create a new AuthAnvil agent group.
   • Add machines to the new AuthAnvil agent group by moving them to the Machines in Group list.
   • Click the Show Advanced button to Enable Authentication for KLC
3. On AuthAnvil > Deploy Agents page:
   • Select the AuthAnvil Agent Group to deploy.
   • Select machines in the Select the endpoints that you wish to deploy AuthAnvil to list.
   • Select AuthAnvil Server Settings.
     • This identifies the specific Two Factor Authentication server and Site ID you will use to authenticate user passcodes for a given set of machines. Each customer organization may have its own Two Factor Authentication server to manage its own set of user passcodes.
   • Optionally configure a second Two Factor Authentication server for redundancy.
   • Enter Override Settings.
     • This ensures the VSA administrator still has access to the machine if the 2FA passcode cannot be used.
     • Optionally set Advanced Settings.
     • You can modify override settings using the Change Override Password page.
   • Click Deploy.
     • You can modify agent settings after you deploy them using the Modify Agent Settings page.
4. Confirm AuthAnvil agents have been successfully deployed using the Discover Agents page.
5. View the results of Discover Agents query on the View AuthAnvil Agent Info page.
6. Test that AuthAnvil managed machines now require 2FA user logons.