Login and Logout

Learn how to log into and out of the DNAnexus Platform, via both the user interface and the command-line interface. Learn how to use tokens to log in, and how to set up two-factor authentication.

Logging In and Out via the User Interface

To log in via the user interface (UI), open the login page and enter your username and password.

To log out via the UI, click on your avatar at the far right end of the main Platform menu, then select Sign Out:

Logging In via the Command-Line Interface

To log in via the command-line interface (CLI), make sure you've installed the dx command-line client. From the CLI, enter the command dx login.

Next, enter your username, or, if you've logged in before on the same computer and your username is displayed, hit Return to confirm that you want to use it to log in. Then enter your password.

See below for directions on using a token to log in.

See the Index of dx Commands page for detail on optional arguments that can be used with dx login.

Logging Out via the Command-Line Interface

When using the CLI, log out by entering the command dx logout.

Note that if you used a token to log in, logging out invalidates that token. To log in again using a token, you must generate a new token.

See the Index of dx Commands page for detail on optional arguments that can be used with dx logout.

Auto Logout

After fifteen minutes of inactivity, you will be automatically logged out, unless you logged in using an API token that specifies the length of time you can stay logged in, or are part of an org with a custom autoLogoutAfter policy.

Contact DNAnexus Support for more information on setting a custom autoLogoutAfter policy for an org.

Using Tokens

You can log in via the CLI, and stay logged in for a fixed length of time, by using an API token, also called an authentication token.

Be very careful about giving a DNAnexus Platform token to someone else. Anyone in possession of that token can use it to access the Platform and impersonate you as a user. He or she will have the same access level as you, for any projects to which the token has access, potentially allowing him or her to run jobs, incurring charges to your account.

Generating a Token

To generate a token, click on your avatar at the top right corner of the main Platform menu, then select My Profile from the dropdown menu.

Next, click on the API Tokens tab. Then click the New Token button:

The New Token form will open in a modal window:

While filling out the form, note the following:

  • The token will provide access to each project at the level at which you have access. See the Projects page for more on project access levels.

  • If the token provides access to a project within which you have PHI data access, it will enable access to that PHI data.

  • If you do not enter an expiration date when creating a token, it will be set to expire in one month.

Once you've completed the form, click Generate Token. A new 32-character token will be generated, and displayed along with a confirmation message.

Be sure to copy your token right away. Once you dismiss the confirmation message or navigate away from the API Tokens screen, the token will no longer be accessible.

Using a Token to Log In

To log in with a token via the CLI, enter the command dx login --token, followed by a valid 32-character token.

When to Use Tokens

Tokens are useful in a number of different scenarios. Examples include:

  • Logging in via the CLI when a single sign-on is enabled - If your organization uses single sign-on, you may not be able to log in via the CLI using a username and password. In this case, use a token to log in via the CLI.

  • Logging in via a script - You can incorporate a token into a script to allow the script to log into the Platform.

When incorporating a token into a script, take care to set the token's expiration date such that the script has Platform access for only as long as absolutely necessary. Ensure as well that the script only has access to that project or those projects to which it must have access, in order to function properly.

Revoking a Token

To revoke a token, navigate to the API Tokens screen within your profile on the UI. Select the token you want to revoke, then click the Revoke button:

In the Revoke Tokens Confirmation modal window, click the Yes, revoke it button. The token will be revoked, and its name will no longer appear in the list of tokens on the API Tokens screen.

When to Revoke a Token

  • Token shared too widely - Revoke a token if someone with whom you've shared the token should no longer be able to use it, or if you're not certain who has access to it.

  • Token no longer needed - Revoke a token if a script that uses it is no longer in use, or if a group that had been using it no longer needs access to the Platform, or in any other situation in which the token is no longer necessary.

Logging In Non-Interactively

As a rule, logging in requires interacting directly with the Platform, via the UI or the CLI. But it is possible to log in non-interactively. This is most commonly done via a script that automates both login and project selection.

Non-interactive login requires the use of dx login with the --token argument. Use the dx select command to automate project selection. If you prefer not to automate project selection, add the --no-projects argument to dx login.

Two-Factor Authentication

DNAnexus recommends adding two-factor authentication to your account, to provide an extra means of ensuring the security of all data to which you have access, on the Platform.

After enabling two-factor authentication, you will be required to enter a two-factor authentication code to log into the Platform, and to access certain other services. This code is a time-based one-time password that is valid for only a single session. It is generated by a third-party two-factor authenticator application, such as Google Authenticator.

With two-factor authentication protecting your account, your data will be protected even in the case that both your username and password are stolen. No attacker will be able to access your account without the two-factor authentication code.

Enabling Two-Factor Authentication

To enable two-factor authentication, select Account Security from the dropdown menu accessible via your avatar, at the the top right corner of the main menu.

In the Account Security screen, click the button labeled Enable 2FA. Then follow the instructions to select and set up a third-party authenticator application.

DNAnexus recommends using Google Authenticator on your mobile device. Google Authenticator is a popular, free application that's available for both Apple iOS and Android mobile devices. Get it on Google Play or from the Apple iTunes App Store.

If you are unable to use a smartphone application, compatible two-factor authenticator applications, using the TOTP (Time-based One-time Password) algorithm, exist for other platforms.

After enabling two-factor authentication, you will be redirected to a page containing back-up codes. These codes can be used in place of a two-factor authentication code, in the event that you lose access to your authenticator application.

Save the back-up codes in a secure place. Without them, if you lose access to your authenticator application, you will be unable to log into the Platform.

Contact DNAnexus Support if you lose both your codes and access to your authenticator application.

Disabling Two-Factor Authentication

DNAnexus does not recommend disabling two-factor authentication once it has been enabled. If you do need to do so, navigate to the Account Security screen of your profile, then click the Turn Off button in the Two-Factor Authentication section. You will be required to enter your password and a two-factor authentication code to confirm your choice.

If you disable, then re-enable, two-factor authentication, you will need to re-configure your authenticator application. You can do this by scanning a new QR code or entering a new secret key code. You will also be required to save a new set of back-up codes.

Last updated