Skip to main content
commvault.com commvault.com
Question

Prevent unnecessary 2FA mail when logging into Command Center

  • April 20, 2026
  • 2 replies
  • 18 views
Paul G
Explorer
Forum|alt.badge.img+1

Hi everyone,

I have a 11.40 environment and the login nowadays has 3 steps and before I get to fill in the 2FA PIN, I have triggered the email with the 2FA code.

  • I first get the screen to fill in my username.
  • The second screen allows me to put in my password.
  • After this, I get the third screen where I can fill in the 2FA code if I have not added a 2FA PIN to my password on the second screen (the same way as for the commcell console). If I did not fill in the 2FA PIN with my password, I get a mail with a 2FA PIN.

I want to configure the logic that a 2FA code is only sent out via mail when I don't fill in a PIN in the third screen. This is because I don't want to get a 2FA PIN mail because I have already stored the secret in a TOTP app. It is also not logical for end users that have a TOTP app that they still get the mail when they have not yet had the change to fill in the 2FA PIN.

I also rather do not want to entirely disable the 2FA mail via the additional setting DisableTFAEmail because this can cause issues for end users that did not setup a TOTP app.

I hope my explanation of the issue is clear. I cannot find a solution in the documentation for how to change this logic. It seems to me the login steps changed but the logic did not change from 11.32 where you had the 2FA PIN field beneath the password field on the second login screen.

Kind regards,

Paul

2 replies

P
Vaulter
Forum|alt.badge.img+17
  • PradeepVaulter
  • Vaulter
  • April 21, 2026

Hi ​@Paul G ,
 

You cannot conditionally trigger email OTP based on whether the user enters a TOTP PIN

Because:

  • Authentication flow is server-driven
  • The system decides the second factor before user input
  • It doesn’t “wait” for user behavior to decide method

Option 1

Disable Email OTP Configure system to use TOTP only
Remove email as 2FA method

Option 2
Prioritize TOTP over Email If system supports:

Set: Primary factor → TOTP
Email → fallback only

Paul G
Explorer
Forum|alt.badge.img+1
  • Paul GExplorer
  • Author
  • Explorer
  • April 21, 2026

 Hi ​@Pradeep,

Thank you.

So option 2 sends an email if I don't add the PIN to the password in the password screen? That seems strange as adding a PIN after a password is not intuitive. Why have TOTP support when you will always get a mail with PIN before you even see a field where you would logically add your PIN? It seems that the way it was before where password and PIN fields were on the same screen, the implementation was much more intuitive.

Adding a PIN after a password for adding a 2FA factor feels to me as a CV engineer solution but not a general user solution. In the old solution, it was logical for a user to receive a mail when they didn't add their TOTP PIN in the visible PIN field.

Kind regards,

Paul

Terms & ConditionsAccessibility statement