• Account Management >
• Manage Your Two-Factor Authentication Options

Manage Your Two-Factor Authentication Options

Two-factor authentication provides a second layer of security for your Cloud Manager account.

Important

Legacy 2FA is deprecated. If you currently have legacy 2FA enabled you can continue to use it, but it is recommended that you switch to multi-factor authentication. To use multi-factor authentication, disable legacy two-factor authentication and enable multi-factor authentication instead.

Google Authentication Uses Google 2-Step Verification

Google manages your 2FA. You can’t use Cloud Manager two factor authentication and won’t be prompted for a Cloud Manager 2FA verification when you log into Cloud Manager. Google should verify your identity using Google 2-Step Verification

Cloud Manager requires 2FA to help users control access to their Cloud Manager accounts.

To log into Cloud Manager, a user must provide their password (“something you know”), as well as a second time-sensitive verification code, delivered during authentication (“something you have”). By requiring both factors, Cloud Manager can grant authentication requests with a higher degree of confidence.

Note

If an Organization Owner enables multi-factor authentication for an organization, all organization members must enable multi-factor authentication individually to access the organization. Organization members who have not enabled MFA are able to access Cloud Manager, but not the organization for which MFA is required.

After you enter your username and password, you are prompted for a six-digit time-sensitive verification code. This code is sent to a separate device, such as a mobile phone or security token, that you can read and enter into Cloud Manager and complete your login.

Cloud Manager provides the following sources for 2FA verification codes:

• Text/Voice
• 2FA App
• 2FA device

Text Messages (SMS)

When Cloud Manager prompts you for a verification code, Cloud Manager sends the 6-digit verification code using text (SMS) to the provided phone number.

The cellular carrier’s SMS rates apply.

Automated Voice Calls (US / Canada only)

When Cloud Manager prompts you for a verification code, Cloud Manager calls the provided phone number. An automated system repeats the 6-digit verification code a total of three times before hanging up.

The cellular carrier’s Voice Call rates apply.

Note

Cloud Manager users who operate within a geographic region with limited cellular service coverage or reliability may encounter delays in receiving the 2FA code via SMS or Voice. Consider using a 2FA app or device instead.

When Cloud Manager prompts you for a verification code, you can provide one that is generated in a 2FA app. You must pair the 2FA app with Cloud Manager first.

This tutorial uses the Google Authenticator mobile app.

There are other mobile device apps and web browser plug-ins that provide 2FA capabilities. You can use any that support the TOTP.

You can pair only one app with Cloud Manager at any one time.

When Cloud Manager prompts you for a verification code, you can provide one that is generated in a 2FA PIV device. You must pair the PIV device app with Cloud Manager first using an 2FA app. These devices must support TOTP.

This procedure uses a YubiKey security key, specifically those that work with Authenticator Codes. Other 2FA PIV hardware devices that use TOTP should work in a similar fashion.

Informational Reference only

MongoDB does not endorse the aforementioned service, and its reference is intended only as informational. Defer to your organization’s procedures in selecting the appropriate vendor or service for supporting 2FA via smart card or similar device.

Configure Two-Factor Authentication

1

Go to your Cloud Manager Two-Factor Authentication settings.

1. In Cloud Manager, click your username in the top-right corner and select Two-Factor Authentication.
2. Click 2FA in the left navigation pane.

2

Enable Two-Factor Authentication.

Click Enable 2FA or click pencil icon .

When prompted for verification:

• If you are setting up 2FA, enter your password.
• If you are editing your 2FA settings, enter a 2FA code.
• Click Verify.

3

Configure Voice/SMS Authentication.

1. Click Primary Method
2. Click Voice/SMS Number.
3. In the Enter your phone number box, enter your preferred mobile phone number.
4. Select your preferred method of receiving codes:
   • Text Message (SMS) or
   • Voice Call (US / Canada Only)
5. Click Verify.
6. Once you receive the verification code, enter that code into the into the Verify your code boxes. Each digit is entered in its own box.

Cloud Manager automatically verifies the code and saves your settings.

1

Go to your Cloud Manager Two-Factor Authentication settings.

1. In Cloud Manager, click your username in the top-right corner and select Two-Factor Authentication.
2. Click 2FA in the left navigation pane.

2

Enable Two-Factor Authentication.

Click Enable 2FA or click pencil icon .

When prompted for verification:

• If you are setting up 2FA, enter your password.
• If you are editing your 2FA settings, enter a 2FA code.
• Click Verify.

3

Configure your Cloud Manager 2FA settings.

1. Click Primary Method.
2. Click Google Authenticator.

4

On your mobile device or web browser, install Google Authenticator.

Although only Google Authenticator is displayed in the UI, any TOTP mobile app or web browser plug-in may be used.

Note

Wherever you see the phrase Google Authenticator in this procedure, you can substitute the name of your preferred 2FA app.

App	iOS	Android	Windows Phone	Blackberry
Google Authenticator	Link	Link
Duo Mobile	Link	Link	Link
Authy	Link	Link
Microsoft Authenticator	Link	Link	Link
Gauth				Link

5

Add Cloud Manager to Google Authenticator.

1. Start Google Authenticator.

2. Click +.

3. Choose how to pair the Google Authenticator app with Cloud Manager.

   • If your mobile device or web browser supports scanning barcodes, click Scan a barcode.

     Enable the device’s camera, if prompted, and point the device at the Cloud Manager page to capture the barcode.

   • If your mobile device or web browser does not support scanning barcodes, or if you prefer to enter a key, click Enter provided key.

     1. Cloud Manager displays the Cloud Manager Account with a Key.

     2. In Google Authenticator, click Enter provided key then enter the account and key.

        (Duo Mobile, Authy and other apps have similar prompts.)

     After the barcode is scanned or account and key are entered, the Google Authenticator app produces a 6-digit code to verify the pairing.

4. Once you receive the verification code, enter that code into the into the Verify your code boxes. Each digit is entered in its own box.

Cloud Manager automatically verifies the code and saves your settings.

See also

• Pairing third-party applications with Duo Mobile
• Pairing third-party applications with Authy
• Pairing third-party applications with Microsoft Authenticator

1

Download and install the Yubico Authenticator.

1. From a web browser, download the Yubico Authenticator application.
2. Double-click on the installer and follow the prompts.

2

Insert your Yubikey into a USB port.

3

Go to your Cloud Manager Two-Factor Authentication settings.

1. In Cloud Manager, click your username in the top-right corner and select Two-Factor Authentication.
2. Click 2FA in the left navigation pane.

4

Enable Two-Factor Authentication.

Click Enable 2FA or click pencil icon .

When prompted for verification:

• If you are setting up 2FA, enter your password.
• If you are editing your 2FA settings, enter a 2FA code.
• Click Verify.

5

Configure your Cloud Manager 2FA settings.

1. Click Primary Method.
2. Click Google Authenticator.

6

Add Cloud Manager to the Yubikey.

1. Start the Yubico Authenticator.

2. Make sure that your web browser is open to your Cloud Manager Two-Factor Authentication modal with the Google Authenticator button selected.

3. From the File menu in Yubico Authenticator, select Scan QR code….

4. In the New credential dialog box, confirm the following settings:

   Option	Accepted Value	Keep Default?
   Issuer	The name you want to display in the Yubico Authenticator application for Cloud Manager.	Your choice
   Account name	Your Cloud Manager username.	Yes
   Secret key	Token generated from the QR code.	Yes
   Type	Method that determines when to generate a new code.	Yes
   Algorithm	Encryption algorithm the token uses.	Yes
   Period	Duration that each verification code is valid.	Yes
   Digits	Number of digits in the verification code.	Yes
   Requires touch	Indicates user must be touching the contacts on the Yubikey when verification code is accepted.	User choice

5. Click Save credential.

   The verification code displays in the Yubico Authenticator under the heading you gave Cloud Manager as the Issuer.

6. Once you receive the verification code, enter that code into the into the Verify your code boxes. Each digit is entered in its own box.

   Note

   You can copy the code from the Yubico Authenticator application. Click the name you gave as Issuer then select Copy to Clipboard from the Edit menu.

Cloud Manager automatically verifies the code and saves your settings.

Two-Factor Authentication on a Shared Account

A global team that shares the same Cloud Manager account can use Google Authenticator and use the same seed code for all team members. To generate a common seed code that all team members can use, select the Can’t scan the barcode? link when Configuring Two-Factor Authentication with Google Authenticator.

Generate New Recovery Codes

As a backup, you can generate recovery codes to use in place of a sent code when you do not have access to a phone, 2FA app or 2FA device. Each recovery code is single-use, and you should save these codes in a secure place. When you generate new recovery codes, you invalidate previously generated ones.

1

Go to your Cloud Manager Two-Factor Authentication settings.

1. In Cloud Manager, click your username in the top-right corner and select Two-Factor Authentication.
2. Click 2FA in the left navigation pane.

2

Edit your Two-Factor Authentication settings.

Click pencil icon to the right of Two Factor Authentication.

When prompted for verification, enter a 2FA code then click Verify.

3

Click Show Recovery Codes.

Each time you expand this box, Cloud Manager generates a new set of codes.

Keep the codes in a safe place. Each code can be used in conjunction with your username and password to not only access Cloud Manager but to reset your security settings on Cloud Manager.

Reset Legacy Two Factor Authentication

If you have legacy 2FA enabled and you lose access to your 2FA device, you can reset 2FA for your account.

Because legacy 2FA is deprecated, you cannot re-establish it after you reset it. Instead, you can enable multi-factor authentication.

Important

The following procedure resets legacy 2FA for your Cloud Manager account. To edit multi-factor authentication settings, see multi-factor authentication.

1. Log in to Cloud Manager with your username and password.

2. When the 2FA prompt displays:

   1. Click the Reset your two-factor authentication link.
   2. Click Cloud Manager user? Click here at the bottom of the Reset Two Factor Authentication modal.

3. Type your Cloud Manager username.

4. Click Reset Two Factor Authentication.

   Cloud Manager emails a link to the e-mail account associated with the Cloud Manager username.

5. Check your email.

6. Click the link that Cloud Manager sent to start the 2FA reset procedure.

7. Follow the directions on the 2FA reset page. After completing the reset procedure, Cloud Manager allows you to log in to the Cloud Manager account without requiring a 2FA code.

←   Manage Your Multi-Factor Authentication Options Process Payment for Cloud Manager  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.