You and your team can use 2FA to authenticate on Cmd-protected servers, and to access the Cmd web app. To require 2FA for SSH access, add triggers. To require 2FA for web app access, see global security settings.

This page explains how to set up 2-factor authentication methods for your own account. You can only set up the methods that your organization's Cmd administrators have enabled. If you want to set up SSO (e.g. Okta, Azure AD), see the integrations overview.

Your admins may enable some options for the web app but not for SSH sessions, or vice versa.

Table of contents


Getting to the 'Security preferences' page

  1. In the top-right corner of the web app, click the current project's name to open the drop-down menu.

  2. Select Account settings.
    If you are a server operator, the web app will show your account settings automatically.

  3. Select Security preferences on the left-hand menu.

  4. Scroll to the '2-factor authentication' section. Here, you'll see options to turn on any methods your admins have enabled.

Google authenticator setup

  1. Click Enable Google authenticator.

  2. Download and install the Google Authenticator app on your mobile device.

  3. Open the app on your phone.

  4. Using your phone, scan the QR code shown on your computer.

  5. This should prompt an authentication code to appear on your phone. Type this code into the corresponding field within the Cmd web app.

  6. Click Enable Google authenticator.

  7. If you are prompted, enter your password then click Verify.


YubiKey setup

  1. Click Register YubiKey.

  2. Insert your YubiKey into your computer and once it starts blinking, tap the button on your YubiKey.

  3. YubiKey will take care of the rest.

One-time codes setup

You can generate a set of one-time backup codes that can grant you access to the Cmd web app. You can only use each code once. If you generate a new set of backup codes, previously-generated codes become invalid.

  1. On the 'Security preferences' screen of the Cmd web app, click Generate new one-time backup codes.

  2. If prompted, enter your password, then click Verify

  3. A list of 10 randomly-generated backup codes will be shown on your screen. Click Print codes and/or write them down in a safe place
    Note: After you've generated codes, this page will remind you of the last time you generated backup codes and how many (of the 10 generated) you've used so far.


Duo setup

Select one of the available Duo integrations. Duo can be used in SSH sessions but not on the web app.


Related resources 

  • This guide doesn't explain how to set up SSO via Okta, Azure, etc. To set them up, see third-party integrations

  • Learn how to log in to the web app with 2FA


Did this answer your question?