Reissuing a Secret Key for Two-Factor Authentication (Administrator)


On this page

The secret key is a unique 16 character alphanumeric code that is required during the set up of the PIN generating tools. When a secret key is lost or compromised, the administrator can delete the key.

After the key is deleted, users can access the new secret key based on the following interfaces they log on for the first time:

  • CommCell Console and Command Line: An email containing a new secret key is sent to the user.

  • Command Center and Web Console: A new QR code along with the secret key is displayed on the login page. To enable the QR code for the CommCell Console, configure the EnableTFAConsoleQR additional setting.

Scenarios that require reissuing the secret key:

  • The user deleted or lost the secret key before using the key in the PIN generating tools.

  • The user accidentally shared the secret key with other users.


  1. From the command prompt, navigate to software_installation_directory/Base.

  2. Log on to the CommServe using the qlogin command.

  3. Run the following command to delete a secret key for a user:

    qoperation execscript -sn QS_DeleteTFASecretForUser -si @user='userName'

    where userName is the login name of the CommCell user who requires a new secret key.

  4. Notify the user that a new secret key is required the next time he or she logs on to the CommCell.