Skip to main content

Cornell University

Add Two-Step Login to a Departmental VPN

Set up Two-Step Login for your departmental VPN

This article applies to: CU VPN

On This Page

Two-Step Login, Cornell's two-factor authentication service, is required for all departmental VPNs to provide an additional layer of security.

  • Two-Step Login should be added when the departmental VPN is set up.
  • With Two-Step Login required, all users must use Two-Step Login to log in to the departmental VPN.
  • Two-Step Login will be required to log in to the main VPN ( as of July 15, 2021.


Before requiring Two-Step Login for a departmental VPN:

  • Ensure that all department users have initialized their Two-Step Login account and registered their Two-Step Login devices.
  • Ensure that all users who will access the departmental VPN have either a faculty or staff NetID, Sponsored NetID, or for student employees, a student Two-Step Login account. The departmental VPN administrator should review group memberships in Active Directory before requiring Two-Step Login on a departmental VPN.

Request Two-Step Login for an Existing Departmental VPN

To add Two-Step Login to an existing departmental VPN, send an email to

Include the following information in your request:

  • Your name and department
  • The name of the Active Directory group associated with your departmental VPN
  • The date Two-Step Login should be activated for your departmental VPN

See how to request a new departmental VPN.

Test Before Requiring Two-Step Login

You can connect to any departmental VPN using Two-Step Login at any time, even if it is not required yet. This is useful for administrators who want to test or configure user clients before Two-Step Login is required.

Connect to a Departmental VPN with Two-Step Login

After Two-Step Login is required for a departmental VPN, you'll select the Two-Step_Login VPN Group when connecting to the departmental VPN. See the instructions for connecting on Windows, Macintosh, Linux, and mobile devices.

Caution: Selecting the CornellVPN Group will connect to the main VPN and you may not have access to resources that are only available through the departmental VPN.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.