diff --git a/cmd/collect.go b/cmd/collect.go
index e38cfe0..cb7f230 100644
--- a/cmd/collect.go
+++ b/cmd/collect.go
@@ -27,6 +27,16 @@ var collectCmd = &cobra.Command{
 			l.Log.Errorf("could not get states: %v", err)
 		}
 
+		// try to load access token either from env var, file, or config if var not set
+		if accessToken == "" {
+			var err error
+			accessToken, err = LoadAccessToken()
+			if err != nil {
+				l.Log.Errorf("failed to load access token: %v", err)
+			}
+		}
+
+		//
 		if threads <= 0 {
 			threads = mathutil.Clamp(len(probeStates), 1, 255)
 		}
diff --git a/cmd/login.go b/cmd/login.go
index 47b5823..bd23e29 100644
--- a/cmd/login.go
+++ b/cmd/login.go
@@ -7,7 +7,9 @@ import (
 	"os"
 
 	magellan "github.com/OpenCHAMI/magellan/internal"
+	"github.com/OpenCHAMI/magellan/internal/log"
 	"github.com/lestrrat-go/jwx/jwt"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -25,21 +27,19 @@ var loginCmd = &cobra.Command{
 	Short: "Log in with identity provider for access token",
 	Long:  "",
 	Run: func(cmd *cobra.Command, args []string) {
+		// make application logger
+		l := log.NewLogger(logrus.New(), logrus.DebugLevel)
+
 		// check if we have a valid JWT before starting login
 		if !forceLogin {
 			// try getting the access token from env var
-			testToken := []byte(os.Getenv("OCHAMI_ACCESS_TOKEN"))
-			if testToken == nil {
-				// try reading access token from a file
-				b, err := os.ReadFile(tokenPath)
-				if err != nil {
-					fmt.Printf("failed to read access token from file: %v\n", err)
-					return
-				}
-				testToken = b
+			testToken, err := LoadAccessToken()
+			if err != nil {
+				l.Log.Errorf("failed to load access token: %v", err)
 			}
+
 			// parse into jwt.Token to validate
-			token, err := jwt.Parse(testToken)
+			token, err := jwt.Parse([]byte(testToken))
 			if err != nil {
 				fmt.Printf("failed to parse access token contents: %v\n", err)
 				return
diff --git a/cmd/root.go b/cmd/root.go
index ca4c25f..e0e31de 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -50,9 +50,27 @@ func Execute() {
 	}
 }
 
+func LoadAccessToken() (string, error) {
+	// try to load token from env var
+	testToken := os.Getenv("OCHAMI_ACCESS_TOKEN")
+	if testToken != "" {
+		return testToken, nil
+	}
+
+	// try reading access token from a file
+	b, err := os.ReadFile(tokenPath)
+	if err == nil {
+		return string(b), nil
+	}
+
+	// TODO: try to load token from config
+	return "", fmt.Errorf("could not load from environment variable or file")
+}
+
 func init() {
 	rootCmd.PersistentFlags().IntVar(&threads, "threads", -1, "set the number of threads")
 	rootCmd.PersistentFlags().IntVar(&timeout, "timeout", 30, "set the timeout")
 	rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", true, "set verbose flag")
+	rootCmd.PersistentFlags().StringVar(&accessToken, "access-token", "", "set the access token")
 	rootCmd.PersistentFlags().StringVar(&dbpath, "db.path", "/tmp/magellan/magellan.db", "set the probe storage path")
 }