# Multi Factor Authentication
All KPN services use the **GRIP** authentication solution. By default, users log in with a username and password. However, for added security, you can enable **two-factor** (2FA) or **multi-factor** (MFA) autentication.
Changes made to authentication settings will apply to **all users**.
{% hint style="warning" %}
Before enabling multi-factor authentication, ensure that every user has a valid **mobile number** entered in their user profile. This is essential for successful authentication using **SMS**.
{% endhint %}
### **How to configure MFA**
These settings can be adjusted by an **admin user** in the MijnKPN portal:
1. Go to **Directories** in the menu
2. Select **GRIP**
3. Open the **Authentication** tab
You are now in the Authentication settings of your GRIP environment.
## Standard setting
Scroll down in the **Authentication** menu to find the **Authentication Level** settings.
* The **Required Authentication Level score** determines the points you need to reach before you can log in successfully
* In this example (standard settings), the points for **Credentials (username/password)** equal the required score (20), so you can log in without additional authentication methods
## Multi Factor setting
Scroll down in the **Authentication** menu to find the **Authentication Level** settings.
1. The **Required Authentication Level score** must be higher than the points for Credentials (username/password) alone.
* In this example (standard settings), **Credentials (username/password)** provide 20 points, but the required score is 25. This means you need an extra authentication method.
* To enable **SMS authentication**, assign more than 0 points. **Add 5 points** so that SMS + Credentials reach the required 25 points.
* To enable **Email authentication**, assign more than 0 points. **Add 5 points** so that Email + Credentials reach the required 25 points.
* The settings below show **best practice** for multi-factor authentication: combining SMS or Email with Credentials creates the required score for a successful login.
{% hint style="success" %}
The settings below are a best practice to correctly setup multi factor authentication. In this case the combination of either SMS or Email together with the point of the credentials create the level of points needed to successfully login.
{% endhint %}
{% hint style="danger" %}
It is also possible to add **Ubiqu Authentication** as an authentication method. This does require to install a mobile app to be able to login with a password numerical code.
**Ubiqu Authentication** is available in the Google and Apple App store.
{% endhint %}
## Multi Factor login
The login interface for all users has been **updated** to the view shown below.\
Simply choose your **preferred** option to log in successfully.
**Ubiqu Authentication** is available in the Google and Apple App store.
{% endhint %}
## Multi Factor login
The login interface for all users has been **updated** to the view shown below.\
Simply choose your **preferred** option to log in successfully.
