Sign in

Go to "Sign in" if you have previously created an account, otherwise "Sign up" to create a new account:

Figure 1: IdM Log in page

Figure 2: IdM Sign up page

Once you have logged successfully, you will be redirect to the home page. There are two main sections, Applications and Organizations.

Figure 3: IdM home page

Visible attributes

Look at the vertical menu on the left and click on the "Edit your account" option.

In this page there is a drop-down menu that allows you to select which attributes you want to show on your profile.

Figure 4: Select visible attributes

Shared attributes

When you authorize an application through OAuth, you can select which attributes you want to share with the application.

After you sign in with your credentials, you will see a page with a drop down menu. In this menu you can select the attributes from your profile that the application will be able to access.

Figure 6: Select shared attributes

Once you are finished, click the Authorize button to finish with the authorization process.

Two Factor Authentication

Two Factor Authentication, also known as two-step verification, is an extra layer of security for authenticating a user. In any security system, there are three authentication factors which can be used: something the user knows, something that he owns and something that he is. Two factor authentication uses the first two: a combination of username and password (knwoledge) and a physical token (possession.)

In KeyRock’s implementation of two factor authentication, the physical token is the users’ smart phone thanks to an app. This app will, after being correctly set up, generate unique time-based passwords (also know as verification codes) that will authenticate the user in combination with the right username and password. The app needs no internet connection to generate the verification codes after being set up.


You will need to install a third party app that implements the Open MFA standards defined in RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and in RFC 6238 (TOTP: Time-Based One-Time Password Algorithm).


Google Authenticator

Enablig two factor authentication

To enable it you must log into KeyRock and head to your settings menu. A two factor section is there with all the instructions to follow. In summary, you will need to:

  • Provide a question and its answer (keep it secret!)
  • Scan the provided QR with the application or insert the secret manually
  • Insert the code generated by the application in Keyrock

Sign in

Once two factor authentication is enabled, your loging process will have a new step. After providing your username and password you will be asked for the verification code generated by your app.

!!! note For convenience, you can remember your computer and no verification codes will be asked when you log in from it. Use this option only in trusted computers.

Disable two factor authentication

Simply log into your account, head to settings and disable it in its respective section. Once disabled, you can log in normally in all computers.

What happens if i lose my phone or uninstall the app

As a security measure in case of lost or theft of the smart phone or the app, we also ask for a security question and a secret answer to be provided on the activation process. This question and answer can be used to disable two factor authentication with out need to authenticate.