Cmd enables you to create a trigger that requires users to authenticate using 2FA when they connect to one of your servers, and closes their session if they fail authentication. The following video shows how to set this up, and instructions are below:
From the ‘Triggers’ tab in the Cmd app, click Add trigger, and select Session trigger.
Name your trigger (e.g. MFA on Session Connect), then in the ‘Trigger query’ section, input:
session_connect = ‘true’
This will make the trigger fire whenever someone attempts to connect to your Cmd-enabled servers in the current Cmd project.
Next, under ‘Actions’, click Add action and select 2-factor authentication. Then, choose what Cmd does if a user fails to authenticate (by default after three attempts).
Note: users can authenticate using the methods enabled for your project under Project settings > Agent > 2-factor authentication options.
To terminate a user’s session when they fail 2FA, add a ‘Stop session’ action. To send an alert when a user fails 2FA, add a 'Create alert' action.
Refer to the above video to see how this will look from the perspective of a user attempting to connect to one of your servers.