p4 login2

Perform multi-factor authentication (MFA), formerly known as second factor authentication (2fa).

Syntax

p4 login2 [ -p -R ] [ -h host ] [ -S state ] [ -m method ] [ username ]
p4 login2 -s [ -a | -h host ] [ username ]
p4 login2 [-p] -r remotespec [--remote-user=X]
p4 login2 [-s -a] -r remotespec [--remote-user=X]

Syntax conventions

Description

Enables a user requiring multi-factor authentication to authorize access on a given host.

Note

The end-user will not need this command if auto-prompt is enabled.

See Triggering for multi-factor authentication (MFA) in the Helix Core Server Administrator Guide.

Options

`-p`	Causes the MFA to persist even after the user's ticket has expired.
`-s`	Display the status of the current ticket, if one exists.
`-R`	Causes the MFA to be restarted, which allows the user to re-request a one-time password.
`-r`	Causes the server to forward the MFA to the server referenced in the specified remote specification. The authentication will be for the user specified by the `--remote-user` flag, or if `RemoteUser` is set in the remote specification, the login will be for that user. Specifying a host or a username is not allowed when logging into a remote server.
`-s`	Displays the MFA status for the user on the current host, or all hosts that the user has used if the `-a` flag is used. To show the status for a specific host, the IP address can be specified with the `-h` flag.
`username`	Specifying a username as an argument to this command requires `super` access, which is granted by p4 protect. In this case, `p4 login2` skips the MFA process and immediately marks the user as validated for the current host. The super user must already be logged in and verified, if necessary. A host (IP address) can be specified with the `-h` flag to validate the user on a different host.
`-S`	For non-interactive clients, executes each step of the MFA individually. This must begin with the `list-methods` state, which will report the list of available MFA methods for the given user. The next state must be `init-auth`, and must be accompanied by the chose method provided to the `-m` flag. This initiates the authentication with the MFA provider. The final step is `check-auth`, which will either prompt for a one-time password (OTP) or request the authorization status from the MFA provider, depending on the type of authentication method selected. The `-p` flag can be provided at the `init-auth` stage. If a host or user is being specified, the appropriate arguments must be provided at each stage.
`-a`	Shows the MFA status for the user on all hosts.
`-h`	A host (IP address) can be specified with the `-h` flag to validate the user on a different host. Shows the status for a specific host if the IP address is specified.

Usage notes

Can File Arguments Use Revision Specifier?	Can File Arguments Use Revision Range?	Minimal Access Level Required
N/A	N/A	`list`

Related commands

To login	`p4 login`
To end a login session	`p4 logout`
To display tickets	`p4 tickets`