Getting Started
Security and Access settings in Kudos help you manage how users sign in and keep your organization's data safe. You can manage authentication through Single Sign-On (SSO), strengthen protection with Multi-Factor Authentication (MFA), set password policies, and configure session timeout duration to align Kudos access with your internal security standards.
If your organization uses Single Sign-On (SSO), you'll find all the necessary information in this article: How to set up Single Sign-On (SSO).
When to Use This Feature
- Enabling MFA for remote or high-risk teams
- Enforcing stricter password renewal policies before an audit
- Resetting all passwords after a potential security incident
- Preparing for IT compliance reviews
Step-by-Step Instructions
Enabling Multi-Factor Authentication (MFA)
- Go to Admin > User Management > Security & access
- Under MFA, select Enable
- Users will be prompted to set up MFA during their next login or session timeout
- They must scan a QR code using an authenticator app (e.g., Google Authenticator)
Note: Once enabled, MFA applies to all users. There is no way to exclude individuals or groups.
Set session timeout duration
- Under Session timeout, use the dropdown menu to select how many days a user session can remain active.
- Choose a duration between 1 and 90 days, depending on your organization’s security policy.
- Changes take effect immediately for all users.
Note: This setting controls how long a user can stay signed in without needing to re-authenticate. Shorter timeouts increase security, especially in shared or public devices, while longer durations provide more convenience for frequent users.
Managing password expiry
- Under Passwords, choose how often users must change their password. Best practices vary by risk level:
- 180 days for low-risk environments with MFA
- 90 days for balanced security
- 30–60 days for high-security environments without MFA
- To force all users to update passwords immediately, click “Expire all passwords now".
Note: Password expiry applies only to users signing in with email and password. SSO users are managed by your identity provider (IDP).
Helpful Tips & Ideas
- Turn on MFA before shortening session timeouts or password expiration periods to keep things secure without making login too difficult.
- Use shorter session timeouts on shared or public devices to help protect against unauthorized access.
-
Pick a password expiration schedule that matches your risk level—shorter for sensitive environments, longer if you already use MFA.
Kudos doesn’t send alerts automatically, so let your teams know about changes to session timeouts or password expiry ahead of time.
Try enabling MFA with a small test group first to catch any setup issues before rolling it out to everyone.
FAQs
Q: What if I click “Expire all passwords now”?
A: Users who log in with email/password must create a new password on next login.
Q: Will MFA log users out when I enable it?
A: No. Users stay logged in but will be prompted to set up MFA the next time they log in or when their current session expires.
Q: Can I exclude specific users from MFA?
A: No. Once MFA is enabled, it applies to everyone in the organization.
Troubleshooting Common Issues
Problem: MFA isn’t working for some users
- Confirm they’re using a supported authenticator app (e.g., Google or Microsoft Authenticator).
- Ensure users fully scan and save the QR code during setup.
- Confirm they're using the same device where the authenticator app was installed.
- Remind users to enter the 6-digit code accurately within the 30-second window.
Problem: Users are locked out after enabling MFA
- Temporarily disable MFA in the admin panel.
- Ask users to clear browser cache or try a different browser/device.
- Consult your IT team to verify IdP settings and access assignments.
Problem: Password expiry policies aren’t applying
- Ensure users are not authenticating via SSO.
- Double-check the expiration settings in the admin panel.
Need help setting things up? Reach out to Support or your Customer Success Manager.
Comments
0 comments
Please sign in to leave a comment.