Sign In to kaleyra.io Using Two-Factor Authentication (2FA)

'Two-Factor Authentication' (2FA) is a security mechanism in which a user is granted access to the kaleyra.io application only after successfully presenting two different pieces of evidence (or factors) to the authentication module of kaleyra.io.
The first factor of authentication is your username and password. The second factor of authentication is a One-Time Password (OTP) sent to the user's registered phone number. After the OTP verification is successful, the user is given access to the kaleyra.io application.

Key points about 2FA

The following are the key points about 2FA that are applicable to all types of kaleyra.io accounts.

  • For all existing accounts and all accounts newly registered on kaleyra.io, the 2FA feature is enabled by default. When 2FA is enabled, every user login must be OTP verified in addition to username and password authentication.
  • After a successful login with 2FA, a user can log out and log in again any number of times without the OTP verification for the next five (5) hours.
  • An account owner can enable or disable the 2FA feature for the kaleyra.io account from the User Interface itself; if the 2FA feature is disabled, any user of the account can log in to the account with just username and password authentication.
  • Kaleyra customers can get the 2FA feature disabled by Kaleyra's Operations team. However, once disabled, 2FA cannot be enabled by the Operations team. Only the account owner can enable the feature from the kaleyra.io User Interface.

Key points about the 2FA OTP

  • The 2FA OTP is valid for five (5) minutes.
  • The 2FA OTP code becomes invalid after the first successful sign-in to kaleyra.io.
  • An OTP can be triggered three (3) times; when re-triggering is done more than thrice, the account gets temporarily suspended.
    However, you can get the account re-enabled by Kaleyra's Operations team. If you get locked out of your account, please contact your Kaleyra representative.
  • If you trigger the OTP thrice without any successful login and then do not re-trigger another OTP for the next 24 hours, the OTP re-trigger count is reset to 0, and you again have three attempts to log in using the right OTP code.
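
The OTP rules listed above can be read as a small state machine. The following is an added example, not Kaleyra's code: the six-digit code format, the `OtpState` structure, the function names and the choice that a successful login clears the trigger count are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

OTP_TTL = 5 * 60           # an OTP is valid for five minutes
MAX_TRIGGERS = 3           # three triggers are allowed; one more suspends
QUIET_RESET = 24 * 3600    # 24 hours without a trigger resets the count


@dataclass
class OtpState:
    code: Optional[str] = None
    issued_at: float = 0.0
    triggers: int = 0
    last_trigger_at: float = 0.0
    suspended: bool = False    # cleared only by an operator in this model


def trigger_otp(state: OtpState, now: float) -> Optional[str]:
    """Issue a fresh OTP, or return None if the account is or becomes suspended."""
    if state.suspended:
        return None
    if state.triggers and now - state.last_trigger_at >= QUIET_RESET:
        state.triggers = 0
    if state.triggers >= MAX_TRIGGERS:
        state.suspended, state.code = True, None
        return None
    state.triggers += 1
    state.last_trigger_at = state.issued_at = now
    state.code = f"{secrets.randbelow(10**6):06d}"   # six digits is an assumption
    return state.code


def verify_otp(state: OtpState, submitted: str, now: float) -> bool:
    """Accept an OTP once, within its validity window."""
    if state.suspended or state.code is None:
        return False
    if now - state.issued_at > OTP_TTL:
        state.code = None                  # expired codes are discarded
        return False
    if not hmac.compare_digest(state.code.encode(), submitted.encode()):
        return False
    state.code = None                      # single use: invalid after success
    state.triggers = 0                     # assumption: success clears the count
    return True
```

Times are plain seconds so the rules can be exercised without waiting; the comparison uses `hmac.compare_digest` so that checking a guess does not leak timing information.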

Mandatory and advanced security measures implemented using 2FA

In addition to the normal sign-in activity where 2FA is enabled, the following security measures are implemented using 2FA within kaleyra.io, regardless of whether 2FA is enabled for the account.

Actions that must always be validated with 2FA

  • A user changes the password.
  • A user resets the password using the Forgot Password? link.
  • The account owner disables the 2FA feature from the kaleyra.io settings page.
  • A user attempts to log in after one week of inactivity in kaleyra.io.
  • A user login is attempted from a different IP address than the previous login.
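
Combined with the five-hour rule from the key points, the list above amounts to a step-up decision made on every request. The sketch below is an added example, not Kaleyra's implementation: the action names, the `LoginHistory` fields and the order of the checks (mandatory triggers evaluated before the five-hour window) are assumptions, and the IP addresses used with it would be constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

TRUST_WINDOW = 5 * 3600            # no OTP for five hours after a 2FA login
INACTIVITY_LIMIT = 7 * 24 * 3600   # one week of inactivity
ALWAYS_OTP = {"change_password", "reset_password", "disable_2fa"}


@dataclass
class LoginHistory:
    last_login_at: Optional[float] = None
    last_login_ip: Optional[str] = None
    last_otp_ok_at: Optional[float] = None


def otp_required(action: str, twofa_enabled: bool, hist: LoginHistory,
                 ip: str, now: float) -> Tuple[bool, str]:
    """Return (required, reason) for one request."""
    # Sensitive actions need an OTP whatever the account setting is.
    if action in ALWAYS_OTP:
        return True, f"sensitive action: {action}"
    if action != "login":
        raise ValueError(f"unknown action: {action}")
    # Mandatory login triggers also ignore the account setting.
    if hist.last_login_at is not None:
        if now - hist.last_login_at >= INACTIVITY_LIMIT:
            return True, "inactive for one week"
        if hist.last_login_ip != ip:
            return True, "IP differs from previous login"
    if not twofa_enabled:
        return False, "2FA disabled for account"
    # Assumption: the five-hour window applies only when nothing above fired.
    if hist.last_otp_ok_at is not None and now - hist.last_otp_ok_at < TRUST_WINDOW:
        return False, "inside five-hour window"
    return True, "2FA enabled"
```

Returning the reason alongside the decision makes it easy to log why a given login was challenged, which helps when reviewing unexpected OTP prompts.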

As additional advanced security measures, the users are notified through email when any of the following activities are detected:

  • When concurrent logins are detected, based on your username and the sessions active for an account, an email is sent for each new concurrent login with a 'multiple concurrent logins detected' message.
  • When a login is attempted after 30 days of inactivity, an email is sent to the user with an 'unusual activity is detected' message.
  • When a login is detected from a different IP address than the last login, an email is sent to the user with a 'New sign-in detected for your account' message.

Sign in to kaleyra.io using your login credentials

The following steps show how the 2FA feature is applied when you log in to the kaleyra.io application using your login credentials.

  1. Enter the kaleyra URL in the browser: Kaleyra login.
    The kaleyra login page appears.
  2. Enter your login credentials in the Email and the password fields.
  3. Click Login.
    The Two Factor Authentication page appears.
  4. Enter the OTP that is received on your mobile phone.
  5. Click Verify.
    On successful OTP verification, you are logged in to kaleyra.io.

Sign in to kaleyra.io using your Google email account

The following steps show how the 2FA feature is applied when you sign in using your Google email.

Note:

The Continue with Google option can be used only if your registered username is a Google-powered business email, i.e., your company is using Google Gmail as the corporate email service provider.

  1. Enter the kaleyra URL in the browser: Kaleyra login.
    The kaleyra login page appears.
  2. Click Continue with Google.
    The Choose an account screen appears.

The Two Factor Authentication screen appears.

  3. Enter the OTP received on your registered mobile phone.
  4. Click Verify.
    On successful OTP verification, you are logged in to kaleyra.io.

Sign in using 2FA after setting new password using the Forgot Password? link

The following steps show how the 2FA feature is applied when you reset your password using the Forgot Password? link.

  1. Enter the Kaleyra URL in the browser: Kaleyra login.
    The Kaleyra login page appears.
  2. Click Forgot Password?
    The Recover Password screen appears.
  3. Enter the Email ID to which the Reset password link should be sent.
    The following screen is shown.

A change password link is sent to the specified email ID as shown. An example of the email content is shown below.

  4. Click the Reset Now link in the mail body.
    The Reset your password screen appears.
  5. Enter the new password in the Password field and enter it again in the Confirm Password field.
  6. Click Save New Password.
    The Password Changed page appears.
    The Two Factor Authentication screen appears.
  7. Enter the OTP received on your registered mobile phone.
  8. Click Verify.
    After successful verification, the following screen is shown.
  9. Click Return to Login.
  10. On the Login page, enter your Email and the newly set password to access kaleyra.io.

Change password using 2FA

The following steps show how the 2FA feature is applied when you change your password within kaleyra.io.

  1. On the kaleyra menu, select the Directory option.
  2. Go to the User Profile section on the right side of the screen and select Change Password.

The Change Password screen is shown.

  3. Enter the relevant passwords in the Current password, New password, and Confirm new password fields.
  4. Enter the OTP received on your registered mobile phone.
  5. Click Save Changes.
    The password is changed.

Disable 2FA

Only the account owner (administrator) can disable the 2FA feature for all the users of the account.

To disable 2FA for an account:

  1. Go to the user profile section and select the Settings option.
  2. Select the Security option under Settings.
    By default, the Two Factor Authentication toggle is enabled.
  3. Toggle the button to disable the Two Factor Authentication feature for all your account users.
    The Disable Two Factor Authentication window appears.
  4. Enter the OTP received on your registered mobile phone.
  5. Click Disable.
    The 2FA for the login is disabled for all the team members of the account.