Comment on page
Login and Logout
Learn how to log into and out of the DNAnexus Platform, via both the user interface and the command-line interface. Learn how to use tokens to log in, and how to set up two-factor authentication.
Logging In and Out via the User Interface
To log out via the UI, click on your avatar at the far right end of the main Platform menu, then select Sign Out:
Logging in and out
Next, enter your username, or, if you've logged in before on the same computer and your username is displayed, hit Return to confirm that you want to use it to log in. Then enter your password.
After fifteen minutes of inactivity, you will be automatically logged out, unless you logged in using an API token that specifies the length of time you can stay logged in, or are part of an org with a custom autoLogoutAfter policy.
You can log in via the CLI, and stay logged in for a fixed length of time, by using an API token, also called an authentication token.
Be very careful about giving a DNAnexus Platform token to someone else. Anyone in possession of that token can use it to access the Platform and impersonate you as a user. He or she will have the same access level as you, for any projects to which the token has access, potentially allowing him or her to run jobs, incurring charges to your account.
To generate a token, click on your avatar at the top right corner of the main Platform menu, then select My Profile from the dropdown menu.
Next, click on the API Tokens tab. Then click the New Token button:
Creating a new token
The New Token form will open in a modal window:
New token form
While filling out the form, note the following:
- If the token provides access to a project within which you have PHI data access, it will enable access to that PHI data.
- If you do not enter an expiration date when creating a token, it will be set to expire in one month.
Once you've completed the form, click Generate Token. A new 32-character token will be generated, and displayed along with a confirmation message.
Be sure to copy your token right away. Once you dismiss the confirmation message or navigate away from the API Tokens screen, the token will no longer be accessible.
Tokens are useful in a number of different scenarios. Examples include:
- Logging in via the CLI when a single sign-on is enabled - If your organization uses single sign-on, you may not be able to log in via the CLI using a username and password. In this case, use a token to log in via the CLI.
- Logging in via a script - You can incorporate a token into a script to allow the script to log into the Platform.
When incorporating a token into a script, take care to set the token's expiration date such that the script has Platform access for only as long as absolutely necessary. Ensure as well that the script only has access to that project or those projects to which it must have access, in order to function properly.
To revoke a token, navigate to the API Tokens screen within your profile on the UI. Select the token you want to revoke, then click the Revoke button:
Revoking a token
In the Revoke Tokens Confirmation modal window, click the Yes, revoke it button. The token will be revoked, and its name will no longer appear in the list of tokens on the API Tokens screen.
- Token shared too widely - Revoke a token if someone with whom you've shared the token should no longer be able to use it, or if you're not certain who has access to it.
- Token no longer needed - Revoke a token if a script that uses it is no longer in use, or if a group that had been using it no longer needs access to the Platform, or in any other situation in which the token is no longer necessary.
As a rule, logging in requires interacting directly with the Platform, via the UI or the CLI. But it is possible to log in non-interactively. This is most commonly done via a script that automates both login and project selection.
DNAnexus recommends adding two-factor authentication to your account, to provide an extra means of ensuring the security of all data to which you have access, on the Platform.
After enabling two-factor authentication, you will be required to enter a two-factor authentication code to log into the Platform, and to access certain other services. This code is a time-based one-time password that is valid for only a single session. It is generated by a third-party two-factor authenticator application, such as Google Authenticator.
With two-factor authentication protecting your account, your data will be protected even in the case that both your username and password are stolen. No attacker will be able to access your account without the two-factor authentication code.
To enable two-factor authentication, select Account Security from the dropdown menu accessible via your avatar, at the the top right corner of the main menu.
In the Account Security screen, click the button labeled Enable 2FA. Then follow the instructions to select and set up a third-party authenticator application.
If you are unable to use a smartphone application, compatible two-factor authenticator applications, using the TOTP (Time-based One-time Password) algorithm, exist for other platforms.
After enabling two-factor authentication, you will be redirected to a page containing back-up codes. These codes can be used in place of a two-factor authentication code, in the event that you lose access to your authenticator application.
Save the back-up codes in a secure place. Without them, if you lose access to your authenticator application, you will be unable to log into the Platform.
DNAnexus does not recommend disabling two-factor authentication once it has been enabled. If you do need to do so, navigate to the Account Security screen of your profile, then click the Turn Off button in the Two-Factor Authentication section. You will be required to enter your password and a two-factor authentication code to confirm your choice.
If you disable, then re-enable, two-factor authentication, you will need to re-configure your authenticator application. You can do this by scanning a new QR code or entering a new secret key code. You will also be required to save a new set of back-up codes.