# Two Factor Authentication
All KPN services use the **GRIP** authentication solution. As of 16 April **two-factor** **authentication** (2FA) is enabled for all Freemium and Explorer users. For other customers, this will be enabled as the default at a later stage; however, they can already activate it themselves. On this page, you can read how to manage the settings for two-factor authentication. Changes made to authentication settings will apply to **all users.**
### **How to manage 2FA**
These settings can be adjusted by an **admin user** in the GRIP portal. Go to the [GRIP portal](https://mijnzakelijk.kpn.com/) or go in the Things Portal to the Organization tab, the Users page and click 'Edit roles':
1. Go to **Directories** in the menu
2. Select the **GRIP** directory
3. Open the **Authentication** tab
You are now in the Authentication settings of your GRIP environment.
## Standard setting (for Freemium and Explorer)
Scroll down in the **Authentication** menu to find the **Authentication Level** settings.
1. The **Required Authentication Level score** determines the points you need to reach before you can log in successfully. The standard setting is **30** points.
2. **Credentials** (username/password) provide **20** points. Additionally, **10** (extra) points can be obtained with verification via SMS or Email.
3. The verification method **Passkey** provides the user with **30** points,once the Passkey has been created.
## Activate two-factor authentication (for other customers)
After you logged in to the [GRIP portal](https://mijnzakelijk.kpn.com/) and followed the steps as mentioned at [How to manage 2FA](https://docs.kpnthings.com/kpn-things/general-functions/user-management/multi-factor-authentication#how-to-configure-mfa), scroll down in the **Authentication** menu to find the **Authentication Level** settings.
Adjust the settings for the **Required Authentication Level** and set the **Authentication points** for SMS and Email**.**
{% hint style="success" %}
The settings as shown above are the **best practice** for **two-factor authentication**: combining SMS or Email with Credentials creates the required score for a successful login.
{% endhint %}
## Two Factor login
The login interface for all users has been **updated.** After filling in your **credentials** (username and password) you can choose your **preferred** option to log in successfully.
{% hint style="warning" %}
If you choose verification via SMS, it is important that a mobile phone number is set in the user account. Please check (and update, if necessary) this in the account of the relevant user via **Users** in the **GRIP portal**.\
\
From the Things Portal, the user can check (and update) this themselves via: **Profile** (top right) → **My KPN user details** → **Personal information**.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.kpnthings.com/kpn-things/general-functions/user-management/two-factor-authentication.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.