---
title: "Kentik Portal"
slug: "kentik-portal"
description: "Explore the Kentik v4 portal's features, including secure login options and the Observation Deck, for seamless network performance monitoring."
updated: 2025-08-15T18:23:35Z
published: 2025-08-15T18:23:35Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.kentik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Kentik Portal

This article provides an introduction to the Kentik portal. Also see the [**Portal Overview**](/v1/docs/portal-overview)****from the Portal section of the Knowledge Base.

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(8).png)

*The default landing page of the Kentik v4 portal is the Observation Deck.*

## About the Kentik Portal

The v4 portal is the main user interface for Kentik (see [**Platform vs. Portal**](/v1/docs/platform#platform-vs-portal)):

- Actively maintained on a continuous deployment model
- Offers access to the full capabilities of the Kentik platform.

To get started, read [**Portal Overview**](/v1/docs/portal-overview), then explore the modules, workflows, and settings of the v4 portal.

> [!NOTE]
> **Note:** Kentik’s v3 portal was fully retired as of March 31, 2025 and is longer accessible to customers. For assistance in transitioning to the current portal, contact [**Customer Care**](/v1/docs/customer-care).

## Browser Support

Kentik recommends the latest versions of thes browsers for use with its portal:

- [**Google Chrome**](https://www.google.com/chrome/)
- [**Mozilla Firefox**](https://www.mozilla.org/en-US/firefox/new/)
- [**Apple Safari**](https://support.apple.com/en-us/HT204416)
- [**Microsoft Edge**](https://www.microsoft.com/en-us/windows/microsoft-edge)

## Portal Login

Login to the Kentik portal is covered in the following topics.

### About Portal Login

Kentik supports various portal login approaches, each balancing convenience and security. These approaches aren’t mutually exclusive; users can have multiple layers of authentication, and those without one method can still access via another.

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/Portal-Basic_login-338w.png)Portal login authentication has two layers: a required first layer and an optional second layer:

- **First layer** (required): Basic authentication using one of:
  - Email/password (see [**Basic Login**](/v1/docs/kentik-portal#basic-login)).
  - Single sign-on (see [**SSO Login**](/v1/docs/kentik-portal#sso-login)).
- **Second layer** (optional): More secure access using two-factor methods (see [**Two-factor Login**](/v1/docs/kentik-portal#twofactor-login)):
  - Time-based One-Time Password (TOTP).
  - YubiKey, a hardware authentication device from Yubico.

> [!NOTE]
> **Notes:**
> 
> - The **One-time Token** field on the Two-factor Authentication page (see [**Two-factor Login**](/v1/docs/kentik-portal#twofactor-login)) accepts any configured 2FA methods in your user profile (see [**Authentication Settings**](/v1/docs/user-profile#authentication-settings)).
> - Register as a user to log into Kentik (see [**Add a User**](/v1/docs/users#add-a-user)).
> - By default, the portal page upon login is the **Observation Deck**. Change this in your profile by clicking the User icon in the main nav bar, and selecting **User Profile** » **Default Settings** (see [**User Profile**](/v1/docs/user-profile)).

### Authentication Sequence

Portal login authentication follows this sequence:

- **First layer**:
  - If SSO is enabled, use SSO (see [**SSO Login**](/v1/docs/kentik-portal#sso-login)).
  - If SSO is not enabled, log in with email/password on the main portal login page (see [**Basic Login**](/v1/docs/kentik-portal#basic-login)).
- **Second layer**:
  - If TOTP and/or YubiKey is enabled, proceed to the Two-factor Authentication page after first-layer authentication. Enter a valid TOTP key or YubiKey key in the**One-Time Token** field (see [**Two-factor Login**](/v1/docs/kentik-portal#twofactor-login)).

> [!NOTE]
> **Notes:**
> 
> - The **One-time Token** field accepts any configured 2FA methods in your user profile (multiple methods may be configured simultaneously; see 2FA Authentication list in [**Two-factor Authentication**](/v1/docs/user-profile#twofactor-authentication)).
> - If **SSO Required** is enabled on the Admin » Single Sign-on page, only Super Admins can use [**Basic Login**](/v1/docs/kentik-portal#basic-login); all others must use SSO (see [**Additional Configuration Options**](/v1/docs/authentication-sso#additional-configuration-options)****and [**About Super Admin Users**](/v1/docs/authentication-sso#about-super-admin-users)).
> - If **Disable 2FA** is enabled on the Admin » Single Sign-on page, the second-layer authentication enabled for the user is bypassed when signing in with SSO.

### Basic Login

Basic login requires an email address and password associated with a registered user:

1. Go to [**https://portal.kentik.com/login**](https://portal.kentik.com/login).
2. Enter your email and password and click **Login**.
3. The portal opens to your specified landing page.

> [!NOTE]
> **Note*:*** If your organization is registered with Kentik in the EU, use [**https://portal.kentik.eu/login**](https://portal.kentik.eu/login).

### SSO Login

SSO login requires your organization to be set up for SSO in Kentik (see [**Single Sign-on**](/v1/docs/authentication-sso)).

![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/Portal-SSO_login-348h338w.png)Once set up, SSO access is enabled via either of the following paths:

- **SSO landing page**:
  - Go to `https://portal.kentik.com/login/sso/company_shortname`.
  - Click **Login**.
- **Direct**: Go to `https://portal.kentik.com/sso/company_shortname`.
- > [!NOTE]
> **Note*:*** If your organization is registered with Kentik in the EU, use [**https://portal.kentik.eu**](https://portal.kentik.eu).

Both paths lead to an authentication check (see [**How SSO Works**](/v1/docs/authentication-sso#how-sso-works)):

- If authenticated, you'll be automatically logged into the Kentik portal.
- If not, you'll be redirected to your identity provider’s login screen, then back to the Kentik portal upon successful authentication.

**Forgot your SSO URL?**![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/image(9).png)

If your organization has SSO enabled, but you don’t know the SSO URL.

Follow these steps to request the SSO URL:

1. Go to your [**Basic Login**](/v1/docs/kentik-portal#basic-login) page
2. Click **Looking for Single sign-on?** below the Login button.
3. Enter a Kentik-registered email address to which to send the SSO login URL.

> [!NOTE]
> **Notes:**
> 
> - If not authenticated, navigate to an SSO URL above to use SSO. Directly navigating to a portal page will redirect to the main portal login page (email/password) even with SSO enabled.
> - Kentik does not support single sign-out.

### Two-factor Login

If TOTP (time-based one-time password) and/or YubiKey are enabled in the **Authentication** tile on your **User Profile** page (see [**Authentication Settings**](/v1/docs/user-profile#authentication-settings)), an extra layer will be added to the login process:

1. ![](https://cdn.us.document360.io/082e25b5-afce-42d4-8f47-70bd3f1d02b7/Images/Documentation/Portal-2FA_login-173h338w.png)Follow the first-layer login process ([**Basic Login**](/v1/docs/kentik-portal#basic-login) or [**SSO Login**](/v1/docs/kentik-portal#sso-login)).
2. On the Two-factor Authentication page, enter the one-time token (key code) from either of the following:
  1. A TOTP-compliant application on your mobile phone or device.
  2. A YubiKey dongle plugged into your machine.
3. Click **Verify** to open the portal to your specified landing page.

> [!NOTE]
> **Notes*:***
> 
> - The **One-time Token** field accepts any configured 2FA methods in your [**User Profile**](/v1/docs/user-profile) (multiple methods may be configured simultaneously; see [**Authentication Settings**](/v1/docs/user-profile#authentication-settings)).
> - If **Disable 2FA** is enabled in Admin » **Single Sign-on** (see [**Additional Configuration Options**](/v1/docs/authentication-sso#additional-configuration-options)), the second layer of authentication (TOTP or YubiKey) won’t be required for SSO.
> - Common TOTP-compliant apps include Authy, Google Authenticator, Duo Mobile, LastPass, Microsoft Authenticator, FreeOTP Authenticator, and 1Password Authenticator.
> - Kentik recommends running TOTP apps on a separate device (e.g., mobile or tablet) to avoid defeating the purpose of 2-factor authentication.