Required Roles: N/A
Required Permissions: N/A
Overview
At Kivo, protecting your data and maintaining compliance with industry regulations are top priorities. Many pharmaceutical, biotech, and medical device organizations must follow strict access control and data integrity requirements outlined in 21 CFR Part 11, Annex 11, and related GxP standards.
Multi-Factor Authentication (MFA) supports these requirements by adding an extra layer of security for users who log in directly with a username and password. Even if a password is compromised, MFA helps ensure that only verified users can access sensitive data, which helps organizations maintain compliance and safeguard electronic records.
Organizations that connect to Kivo using Single Sign-on (SSO) through an identity provider such as Okta or Entra ID (formerly Azure AD) manage their MFA policies in that identity provider. Auth0, our identity partner, automatically recognizes these connections and does not require a second MFA prompt, ensuring a seamless and unified login experience.
For customers who do not use SSO, Kivo offers built-in MFA management through our trusted identity partner Auth0. Enabling MFA provides enhanced protection for password-based logins, particularly for external partners, consultants, or users who access Kivo independently. To enable MFA for your environment, contact your Implementation Manager or Kivo Support for setup assistance.
How MFA Works
For users who log in directly to Kivo with a username and password, MFA requires confirmation through an authenticator app on a mobile device. Once MFA is enabled, users must complete both steps to access Kivo:
Step 1. Enter your email and password.
Step 2. Confirm your identity using your chosen authenticator app.
Authentication Scenarios
SSO Users: Internal users who log in through Single Sign-on (SSO) are authenticated by their organization’s identity provider. MFA enforcement occurs within that provider, not within Kivo.
Password-Authenticated Users: Users who log in directly to Kivo with an email and password are required to complete MFA using a supported authenticator app. These users are typically external partners, consultants, or users not yet connected through SSO.
Once users enroll an authenticator app, MFA is automatically applied each time they log in.
Supported Authenticator Apps
Kivo supports app-based authentication only. SMS-based verification is not used.
Any Time-based One-Time Password (TOTP) app is supported, including:
Okta Verify
Google Authenticator
Microsoft Authenticator
Authy
Any other TOTP-compliant application
Setting Up MFA
Follow the steps below to enable MFA for your Kivo environment:
Step 1. Contact your Implementation Manager or Kivo Support.
Step 2. Request to have MFA enabled for your Kivo environment.
Step 3. Once enabled, follow the enrollment prompt at your next sign-in to register your authenticator app.