Docs Menu

Docs HomeMongoDB Ops Manager

Manage Your Two-Factor Authentication Options

On this page

  • Configure Two-Factor Authentication
  • Generate New Recovery Codes
  • Reset Legacy Two Factor Authentication

Two-factor authentication provides a second layer of security for your Ops Manager account.

When enabled, Ops Manager requires 2FA to help users control access to their Ops Manager accounts.

To log into Ops Manager, a user must provide their password ("something you know"), as well as a second time-sensitive verification code, delivered during authentication ("something you have"). By requiring both factors, Ops Manager can grant authentication requests with a higher degree of confidence.


After you enter your username and password, you are prompted for a six-digit time-sensitive verification code. This code is sent to a separate device, such as a mobile phone or security token, that you can read and enter into Ops Manager and complete your login.


To enable or disable two-factor authentication for the entire Ops Manager environment, see Manage Two-Factor Authentication for Ops Manager.

Ops Manager provides the following sources for 2FA verification codes:

A global team that shares the same Ops Manager account can use Google Authenticator and use the same seed code for all team members. To generate a common seed code that all team members can use, select the Can't scan the barcode? link when Configuring Two-Factor Authentication with Google Authenticator.

As a backup, you can generate recovery codes to use in place of a sent code when you do not have access to a phone, 2FA app or 2FA device. Each recovery code is single-use, and you should save these codes in a secure place. When you generate new recovery codes, you invalidate previously generated ones.


In Ops Manager, click your username in the top-right corner and select Account.


Click to the right of Two Factor Authentication.

When prompted for verification, enter a 2FA code then click Verify.


Each time you expand this box, Ops Manager generates a new set of codes.

Keep the codes in a safe place. Each code can be used in conjunction with your username and password to not only access Ops Manager but to reset your security settings on Ops Manager.

If you have legacy 2FA enabled and you lose access to your 2FA device, you can reset 2FA for your account.

  1. Log in to Ops Manager with your username and password.

  2. When the 2FA prompt displays:

    1. Click the Reset your two-factor authentication link.

    2. Click Ops Manager user? Click here at the bottom of the Reset Two Factor Authentication modal.

  3. Type your Ops Manager username.

  4. Click Reset Two Factor Authentication.

    Ops Manager emails a link to the e-mail account associated with the Ops Manager username.

  5. Check your email.

  6. Click the link that Ops Manager sent to start the 2FA reset procedure.

  7. Follow the directions on the 2FA reset page. After completing the reset procedure, Ops Manager allows you to log in to the Ops Manager account without requiring a 2FA code.

←  Edit Personal SettingsAdminister Ops Manager →