Two-Factor Authentication
Learn more about Verkada's built-in option for 2-Factor Authentication (2FA)
Enabling two-factor authentication (2FA) adds an extra layer of security to your account, significantly reducing the risk of unauthorized access by requiring a secondary verification method beyond just a password.
Org Admins are required to enable 2FA when setting up their accounts. However, if you log in with SSO, 2FA will be handled by your identity provider.
Enable 2FA on your Command account
In the bottom left of Verkada Command, click the org icon.
Click My Account.
Next to Two-Factor Authentication, click Add.
Select the type of authentication you want to set up:
a. Passkey or biometric authenticator b. Authenticator App c. SMS
Enter your password and click Continue.
Follow the prompts to complete the setup.
Passkey or biometric authenticator
With 2FA via security key or biometric authenticator, you can set up device-specific verification methods like TouchID and FaceID, as well as external security keys like YubiKey or phone as a passkey.
You can set up multiple passkeys/biometric authenticators for the same account using different devices.
Passkeys and biometric authenticators are not supported by the Verkada Command mobile app.
Authenticator app
With 2FA by an authenticator app, you will see a 6-digit code automatically generated. This code expires every 30 seconds, so check the app for a new code each time you log in.
For help adding a QR code, contact the app's vendor for troubleshooting steps.
SMS
With 2FA via SMS, you will receive a 6-digit code in a text message. This phone number can be different from the number verified on your profile.
Enforce organization-wide 2FA
2FA is required for all Org Admins in Command. Org Admins will be prompted to set it up at their next login if not already configured. This requirement cannot be bypassed. However, if you log in with SSO, 2FA is handled by your identity provider.
Org Admins can enforce 2FA for all users in the organization. When enforced, users will be required to have a minimum of 1 authentication method set up.
In Verkada Command, go to All Products > Admin.
In the left navigation, select Login & Access.
Select Two-factor Authentication > Enforce Two-Factor Authentication.
Click Confirm to save the changes.
Once 2FA is enforced at the organization level:
Existing users will be required to set up 2FA at the next login.
New users will be required to set up 2FA while setting up their account.
Reset a user's 2FA
If you lose or misplace your authentication device and are locked out, contact your Org Admin to have 2FA reset.
In Verkada Command, go to All Products > Admin.
Under Admin > Users & Permissions, click Users.
Select the email of the locked-out user.
At the top right, click > Control Login.
a. Click Reset 2FA > Confirm to delete all 2FA methods. b. Click > Confirm next to an authentication method to reset it.
Click Done to confirm.
If 2FA is enforced for the organization, the user will be required to set up a new 2FA configuration at the next login. If not, 2FA will be disabled on the user account.
Disable 2FA
If 2FA is enforced for the org, Org Admins cannot disable 2FA for themselves or other Org Admins.
In the bottom left of Verkada Command, click the org icon.
Click My Account.
Click next to the authentication method you want to disable.
Enter your password and click Continue.
If you no longer have access to the 2FA app and are not signed in, contact your Org Admin to reset 2FA for your account.
Last updated
Was this helpful?