Kentik Portals

This article provides a high-level introduction to Kentik's portal, which are covered in the following topics:

• About the Kentik Portals
• Browser Support
• Portal Login

The user interface for Kentik can currently be accessed via two distinct portals:

• v4 portal: The v4 portal is the current version of Kentik UI. The v4 portal is actively maintained on a continuous deployment model and offers access to the full capabilities of the Kentik platform. To explore the modules, workflows, and settings of the v4 portal, start with Portal Overview.
• v3 portal (deprecated): The v3 portal was launched in 2017, marking a major upgrade in the design and functionality of the user interface for Kentik. The v3 portal was superseded by the v4 portal in 2019. It is documented in the KB at v3 Portal.

Note: While the v3 portal remains available for customers who prefer various aspects of the v3 UI, Kentik is not maintaining feature parity between the two portals. To take advantage of the complete range of Kentik capabilities customers are advised to make a full transition to the v4 portal.

Kentik supports and recommends the latest versions of the following browsers for use with the Kentik portals:

• Google Chrome: https://www.google.com/chrome/
• Mozilla Firefox: https://www.mozilla.org/en-US/firefox/new/
• Apple Safari: https://support.apple.com/en-us/HT204416
• Microsoft Edge: https://www.microsoft.com/en-us/windows/microsoft-edge

Login to the Kentik portals is covered in the following topics:

• About Portal Login
• Authentication Sequence
• Basic Login
• SSO Login
• Two-factor Login

Kentik supports a variety of approaches to portal login, each of which represents a different tradeoff between convenience and security. These approaches are not mutually exclusive; multiple layers of authentication may be enabled for a given user, and a user for whom authentication is unavailable via one method can still gain access via a different method.

The basic structure of portal login authentication is two layers with two options each:

• First layer (required): Basic authentication using one of the following methods:
  - Email/password (see Basic Login).
  - Single sign-on (see SSO Login).
• Second layer (optional): More secure access that adds another checkpoint using either of the following two-factor methods (see Two-factor Login):
  - Time-based one-time password (TOTP).
  - YubiKey, a hardware authentication device manufactured by Yubico.

Notes:
- The One-time Token field on the Two-factor Authentication page (see Two-factor Login) will accept any of the 2FA methods that you have configured in your user profile (see Authentication Settings).
- You must be a registered user to log into Kentik. For user registration, see Add a User.
- By default the portal page that is opened upon login is the Library, but this setting can be changed in the Default Settings tile of your profile page (choose My Profile from the drop-down menu at the right of the main portal navbar; see User Profile).

The authentication sequence at portal login is as follows:

• First layer:
  - If SSO is enabled, first-layer authentication is handled with SSO (see SSO Login).
  - If SSO is not enabled, you can log in with email/password on the main portal login page (see Basic Login).
• Second layer: If TOTP and/or YubiKey is enabled, you'll be taken to the Two-factor Authentication page after first-layer authentication. A valid key for TOTP or YubiKey will be accepted in the One-Time Token field (see Two-factor Login).

Notes:
- The One-time Token field will accept any of the 2FA methods that you have configured in your user profile (multiple methods may be configured simultaneously; see 2FA Authentication list in Two-factor Authentication).
- If the SSO Required switch on the Admin » Single Sign-on page is on (see Additional Configuration Options) then only a Super Admin user (see About Super Admin Users) can sign on using Basic Login; all others must use SSO.
- If the Disable 2FA switch on the Admin » Single Sign-on page is on then the second-layer authentication enabled for the user, if any, will be bypassed when signing in with SSO.

Basic login requires the email address and password associated with a registered user:

1. Go to https://portal.kentik.com/login
2. Enter the email address and password.
3. Click the Login button.
4. The portal will open to your specified landing page.

Note: If your organization is registered with Kentik in the EU, the above URL should instead be https://portal.kentik.eu/login.

SSO login requires that your organization is set up to use SSO in Kentik (see Single Sign-on). Once setup is complete, SSO access is enabled via either of the following paths:

• SSO landing page:
  - Go to https://portal.kentik.com/login/sso/company_shortname.
  - Click the Login button.
• Direct: Go to https://portal.kentik.com/sso/company_shortname.

Note: If your organization is registered with Kentik in the EU, the above URLs should instead begin with https://portal.kentik.eu.

Both of the above paths lead to an authentication check (see How SSO Works):

• If you're already authenticated, meaning that you have a valid active session as defined by your identity provider (IdP), you'll be automatically logged into the Kentik portal.
• If you're not already authenticated you'll be redirected to the login screen of your IdP, then back to the Kentik portal upon successful authentication.

Notes:
- If you're not already authenticated, you must navigate to one of the SSO URLs listed above in order to use SSO. If you instead try to navigate directly to a page in the portal you will be redirected to the main portal login page (email/password) even if SSO is enabled.
- Kentik does not currently support single sign-out.
- If you think your organization has SSO enabled but you don't know the URL for your SSO login page, go to your Basic Login page and click the Looking for Single sign-on? link just below the Login button. You'll be taken to a page where you can enter the email address of a registered user to whom the SSO login URL can be sent.

If TOTP (time-based one-time password) and/or YubiKey have been enabled in the Authentication tile on your User Profile page (see Authentication Settings), an extra layer will be added to the login process:

1. Follow the steps in first-layer login process, either Basic Login or SSO Login.
2. On the resulting Two-factor Authentication page, enter the one-time token (key code) from either of the following:
   - A TOTP-compliant application on your mobile phone or other device.
   - A YubiKey dongle plugged into your machine.
3. Click the Verify button. The portal will open to your specified landing page.

Notes:
- The One-time Token field will accept any of the 2FA methods that you have configured in your User Profile (multiple methods may be configured simultaneously; see Authentication Settings).
- If the Disable 2FA switch is on in Admin » Single Sign-on (see Additional Configuration Options) then the second layer of authentication (TOTP or YubiKey) will not be required when you log in using SSO.
- Common TOTP-compliant applications include Authy, Google Authenticator, Duo Mobile, LastPass, Microsoft Authenticator, FreeOTP Authenticator, and 1Password Authenticator.
- Kentik recommends running TOTP applications on a separate device (e.g. mobile or tablet) rather than on the same machine that you use to access the Kentik portal (which defeats the purpose of 2-factor authentication).