> For the complete documentation index, see [llms.txt](https://docs.kpnthings.com/kpn-things/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.kpnthings.com/kpn-things/general-functions/user-management/two-factor-authentication.md).

# Two Factor Authentication

All KPN services use the **GRIP** authentication solution. As of 16 April **two-factor** **authentication** (2FA) is enabled for all Freemium and Explorer users. For other customers, this will be enabled as the default at a later stage; however, they can already activate it themselves. On this page, you can read how to manage the settings for two-factor authentication. Changes made to authentication settings will apply to **all users.**&#x20;

### **How to manage 2FA**

These settings can be adjusted by an **admin user** in the GRIP portal. Go to the [GRIP portal](https://mijnzakelijk.kpn.com/) or go in the Things Portal to the Organization tab, the Users page and click 'Edit roles':

1. Go to **Directories** in the menu
2. Select the **GRIP** directory
3. Open the **Authentication** tab

You are now in the Authentication settings of your GRIP environment.

<figure><img src="/files/pATgc6n5MbpNfGZQYu94" alt=""><figcaption></figcaption></figure>

## Standard setting (for Freemium and Explorer)

Scroll down in the **Authentication** menu to find the **Authentication Level** settings.

1. The **Required Authentication Level score** determines the points you need to reach before you can log in successfully. The standard setting is **30** points.&#x20;
2. **Credentials** (username/password) provide **20** points. Additionally, **10** (extra) points can be obtained with verification via SMS or Email.
3. The verification method **Passkey** provides the user with **30** points,once the Passkey has been created. &#x20;

<figure><img src="/files/Xtg2mw8nKJOAVqD2YGIb" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/crOzDzuYuH9XKFfPg1lE" alt=""><figcaption></figcaption></figure>

## Activate two-factor authentication (for other customers)

After you logged in to the [GRIP portal](https://mijnzakelijk.kpn.com/) and followed the steps as mentioned at [How to manage 2FA](https://docs.kpnthings.com/kpn-things/general-functions/user-management/multi-factor-authentication#how-to-configure-mfa), scroll down in the **Authentication** menu to find the **Authentication Level** settings.

Adjust the settings for the **Required Authentication Level** and set the **Authentication points** for SMS and Emai&#x6C;**.**&#x20;

{% hint style="success" %}
The settings as shown above are the **best practice** for **two-factor authentication**: combining SMS or Email with Credentials creates the required score for a successful login.
{% endhint %}

## Two Factor login

The login interface for all users has been **updated.** After filling in your **credentials** (username and password) you can choose your **preferred** option to log in successfully.

<figure><img src="/files/JVz1vvFXzMo7iAXxjJj9" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
If you choose verification via SMS, it is important that a mobile phone number is set in the user account. Please check (and update, if necessary) this in the account of the relevant user via **Users** in the **GRIP portal**.\
\
From the Things Portal, the user can check (and update) this themselves via: **Profile** (top right) → **My KPN user details** → **Personal information**.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.kpnthings.com/kpn-things/general-functions/user-management/two-factor-authentication.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.