Overview
With the new release of Kaseya Patch 9.5.0.24, Kaseya introduces a new and the most awaited feature i.e. 2FA. It has been designed to facilitate and empower secured access for its users. The feature is meant to prevent unauthorized users from accessing the VSA account.
Enabling the 2FA feature provides a user to enter not only the credentials (username and password) but to submit a Time-based One-Time Password (TOTP) in order to access the VSA.
TOTP is a code generated by an Authenticator application the same as other 2FA codes. Recommended Authenticator Applications are
- Google Authenticator
- Microsoft Authenticator
In VSA, we can config 2FA at below levels:
- User-level - 2FA feature is toggled as required for an entire tenant by Tenant Admin or for users
- Tenant level - Users in the System and Master Role can configure 2FA feature within their tenant
How It Works:
While login into Kaseya VSA you will be prompted for setting up the 2FA, further you just must scan the QR code within one of the applications mentioned above and it's all done. You can also choose to skip this for now, but it would be mandatory from 31st December.
Remember, to use in-built 2FA with VSA instance the native VSA 2FA AuthAnvil should not be in use. As 2FA option under System>Logon Policy should be greyed out.
If you are using AuthAnvil you must disable it to use this new 2FA feature as both are conflicting to each other and sadly, but both can’t be used together based on the user preference for now. In case if you are looking forward to steps for disabling AuthAnvil please follow the below instructions:
- Please make sure to match the below configuration within the AuthAnvil module in your VSA.
- enter the AuthAnvil SAAS URL to - https://localhost/AuthAnvil/sas.asmx
After that, you can able to use and config 2fA under System > Server Management > Logon Policy
Looking forward to implementing the 2FA and other security recommendations for your Kaseya VSA, Contact us!!!