Security

Kiuwan provides security settings to help you protect your account and control user authentication. Use this page to manage password changes, enable additional login protections such as multi-factor authentication (MFA), and manage API tokens for REST API authentication. 

Change Password

Account owners can set a new password directly. However, regular users must request a password reset from an account owner.

1. Go to Account Management > Change Password.
2. Enter your Current Password.
3. Enter your New Password (follow the password policy shown in the right-side banner).
4. Repeat the new password and click Save.

Multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security to your Kiuwan account by requiring a one-time verification code during login. This reduces the risk of unauthorized access, even if a password is compromised.

When MFA is enabled, Kiuwan sends a secure, one-time code to the user’s email address as part of the login process.

• The emailed code is valid for 30 minutes.
  
• The same code cannot be used for more than one login.
• If a user logs in to two concurrent sessions, they must request a new code for the second session.
• Users can request a new code using Send again.
  • After each code request, Send again is disabled for 3 minutes.
• If there are 3 failed login attempts, the user is locked out of their Kiuwan account for 60 minutes.

Note: Enabling multi-factor authentication is not available and is not required if your account has SSO (Single Sign-On) configured.

API Token

API tokens provide a secure way to authenticate REST API requests without exposing a Kiuwan username and password.

Use API tokens when you need to automate Kiuwan integrations, such as CI/CD workflows, scripts, or server-to-server communication. If an integration fails or a token is compromised, you can delete the token and generate a new one without changing the user’s account credentials.

Generate an API token

1. Go to Account Management > Security.
2. In the API Token section, click Generate API Token.
   

3. In the Save API Token dialog, copy the generated token and store it in a secure location.
   

   Important: The token is shown only once. After you close the dialog, the token value is no longer visible in Kiuwan.

4. Enter a name for the token.
   Use a clear name that helps identify where the token is used, such as the integration, pipeline, or environment. For more information, click Naming conventions.
   

   Note: Two active tokens cannot have the same name.

5. Click Save API Token. 

Manage API tokens

You can create and manage up to 10 API tokens. The API token list includes the following information:

• Token name
• Creation date
• Last used date
• Actions

Delete an API token

Delete an API token when it is no longer needed, when an integration changes, or when you need to rotate credentials for security reasons.

1. Go to the API Token section.
2. Find the token you want to remove.
3. Click Delete Token.
   

4. Confirm the deletion.

   Important: After an API Token is deleted, it cannot be reused. Any integration that uses the deleted token will no longer be able to authenticate API requests until you configure it with a new token.