Information Technology at JPL

Directory and Authentication Service

JPL Two-Factor Authentication

JPL IT - Directory and Authentication Service

Two-Factor Authentication Service

The JPL Two-Factor Authentication (TFA) service uses your JPL username and a two-factor passcode to grant you access into JPL's Network, Webmail service, and any TFA protected system. TFA is required for all JPL Remote Access (VPN, BrowserRAS, Research Network VPN).

To access the JPL Network remotely, you must have:

  1. JPL username
  2. Remote Access Account - RAS Accounts are automatically provisioned for all JPL employees and most affiliates.
  3. JPL-issued, RSA SecurID Token

Note: Accessing JPL's Webmail service from outside the Laboratory, only requires JPL username and JPL-issued, RSA SecurID Token (JPL's TFA service).

To order a token, on-site users can go directly to the JPL IT Catalog. External/off-site users please click on Order, Replace, Return, Transfer, Exchange Tokens for more information.

When ordering your token for Two-Factor Authentication, you must decide between a Soft Token or a Physical Token. The following should be considered:

  • Soft Token (recommended) - requires that you download a software application to your JPL or personal smartphone. It requires that you have your smartphone everywhere you need to remotely access the JPL network. The application provides a random 8 digit token code.
    Note: Blackberry smartphones are no longer supported by JPL.
  • Physical Token (fob) - must be carried with you everywhere you need to remotely access the JPL network. It provides a random 6 digit token code.


Please refer to JPL IT Service Fees.


If you need assistance, please submit a Service Request, or call 4-HELP (818-354-4357).