Skip to main content

Enable 2FA for Your Command Account

Learn more about Verkada's built-in option for 2-Factor Authentication (2FA)

Updated over a month ago

Enabling two-factor authentication (2FA) adds an extra layer of security to your account, significantly reducing the risk of unauthorized access by requiring a secondary verification method beyond just a password.

This additional step provides peace of mind knowing that your account is better protected against unauthorized access attempts.

Org Admins are required to enable 2FA when setting up their accounts. However, if you log in to your account with SSO, the 2FA will be handled by your identity provider.

Enable 2FA on your Command account

Users can enable 2FA on their user accounts for an increased security guarantee.

  1. In the bottom left of Verkada Command, click the org icon.

  2. Click My Account.

  3. Next to Two-Factor Authentication, click Add.

  4. Select the type of authentication you want to set up.

    1. Use a Passkey

    2. Authenticator App

    3. Message (SMS)

  5. Enter your password and click Continue.

  6. Follow the prompts to complete the setup.

Passkey or biometric authenticator

With 2FA via security key or biometric authenticator, you can set up device-specific verification methods, such as TouchID and FaceID, as well as external security keys, such as a YubiKey or phone, as a passkey.

  • You can set up multiple passkeys/biometric authenticators for the same account as long as they use different devices.

  • Passkeys and biometric authenticators are currently not supported by the Verkada Command mobile app.

Authenticator app

With 2FA by an authenticator app, you will see the 6-digit code automatically generated. This code expires every 30 seconds, so you need to check this app for the new 6-digit authentication code each time you log in.

For help adding a QR code, contact the app's vendor for troubleshooting steps.

SMS

With 2FA via SMS, you will receive a 6-digit code in a text message. This phone number can be the same as, or different from, the number verified on your profile.

Enforce organization-wide 2FA

Two-Factor Authentication (2FA) is required for all Org Admins in Command. Org Admins will be prompted to set it up at their next login if not already configured. This requirement cannot be bypassed. However, if you log in to your account with SSO, the 2FA will be handled by your identity provider.

Verkada Command offers Org Admins the ability to enforce 2FA for all users in the organization. If an Org Admin has turned on 2FA enforcement, org-wide users will be required to have a minimum of 1 authentication method set up.

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Security & Access.

  3. Select Enforce Two-Factor Authentication.

  4. Toggle on Enforce Two-Factor Authentication.

  5. Click Confirm to save the changes.

Once 2FA is enforced at the organization level:

  • Existing users will be required to set up 2FA at the next login.

  • New users will be required to set up 2FA while setting up their new Verkada Command user account.

Reset a user's 2FA

If you lose or misplace your authentication device and are locked out of your account, you need to contact your Org Admin to have 2FA reset on your account.

  1. In Verkada Command, go to All Products > Admin.

  2. Under Admin > Users & Permissions, click Users.

  3. Select the email of the locked-out user.

  4. At the top right, click > Control Login.

    1. Click Reset 2FA > Confirm to delete all 2FA methods.

    2. Click > Confirm next to an authentication method to reset it.

  5. Click Done to confirm.

If 2FA is enforced for the organization, the user will be required to set up a new 2FA configuration at the next login. If not, 2FA will be disabled on the user account.

Disable 2FA

If 2FA is enforced for the org, Org Admins cannot disable 2FA for themselves or other Org Admins.

If 2FA is not enforced for your organization and is no longer needed, or you lost or misplaced your authentication device, you'll need to disable 2FA to avoid getting locked out of your account.

  1. In the bottom left of Verkada Command, click the org icon.

  2. Click My Account.

  3. Click next to the authentication method you want to disable.

  4. Enter your password and click Continue.

If you no longer have access to the 2FA app and are not signed in, contact your Org Admin, and they can assist with resetting 2FA for your account.

Prefer to see it in action? Check out the video tutorial.

Need more help? Contact Verkada Support.

Related Articles
Authentication and Provisioning Overview
Verkada Command Account FAQ
Enable SAML for Your Command Account
Switch Organizations in Command
Quick Reference Guide for Verkada Command
Did this answer your question?