Docs Home → MongoDB Cloud Manager
Manage Your Two-Factor Authentication Options
On this page
Two-factor authentication provides a second layer of security for your Cloud Manager account.
Important
Legacy 2FA is deprecated. If you currently have legacy 2FA enabled you can continue to use it, but it is recommended that you switch to multi-factor authentication. To use multi-factor authentication, disable legacy two-factor authentication and enable multi-factor authentication instead.
Note
Google Authentication Uses Google 2-Step Verification
Google manages your 2FA. You can't use Cloud Manager two factor authentication and won't be prompted for a Cloud Manager 2FA verification when you log into Cloud Manager. Google should verify your identity using Google 2-Step Verification
Cloud Manager requires 2FA to help users control access to their Cloud Manager accounts.
To log into Cloud Manager, a user must provide their password ("something you know"), as well as a second time-sensitive verification code, delivered during authentication ("something you have"). By requiring both factors, Cloud Manager can grant authentication requests with a higher degree of confidence.
Note
If an Organization Owner
enables multi-factor authentication for an
organization, all
organization members must enable multi-factor authentication individually to access the
organization. Organization members who have not enabled MFA are
able to access Cloud Manager, but not the organization for which MFA is
required.
After you enter your username and password, you are prompted for a six-digit time-sensitive verification code. This code is sent to a separate device, such as a mobile phone or security token, that you can read and enter into Cloud Manager and complete your login.
Cloud Manager provides the following sources for 2FA verification codes:
Configure Two-Factor Authentication
Two-Factor Authentication on a Shared Account
A global team that shares the same Cloud Manager account can use Google Authenticator and use the same seed code for all team members. To generate a common seed code that all team members can use, select the Can't scan the barcode? link when Configuring Two-Factor Authentication with Google Authenticator.
Generate New Recovery Codes
As a backup, you can generate recovery codes to use in place of a sent code when you do not have access to a phone, 2FA app or 2FA device. Each recovery code is single-use, and you should save these codes in a secure place. When you generate new recovery codes, you invalidate previously generated ones.
Reset Legacy Two Factor Authentication
If you have legacy 2FA enabled and you lose access to your 2FA device, you can reset 2FA for your account.
Because legacy 2FA is deprecated, you cannot re-establish it after you reset it. Instead, you can enable multi-factor authentication.
Important
The following procedure resets legacy 2FA for your Cloud Manager account. To edit multi-factor authentication settings, see multi-factor authentication.
Log in to Cloud Manager with your username and password.
When the 2FA prompt displays:
Click the Reset your two-factor authentication link.
Click Cloud Manager user? Click here at the bottom of the Reset Two Factor Authentication modal.
Type your Cloud Manager username.
Click Reset Two Factor Authentication.
Cloud Manager emails a link to the e-mail account associated with the Cloud Manager username.
Check your email.
Click the link that Cloud Manager sent to start the 2FA reset procedure.
Follow the directions on the 2FA reset page. After completing the reset procedure, Cloud Manager allows you to log in to the Cloud Manager account without requiring a 2FA code.