Login and Logout

Learn how to log into and out of the DNAnexus Platform, via both the user interface and the command-line interface. Learn how to use tokens to log in, and how to set up two-factor authentication.

Logging In and Out via the User Interface

To log in via the user interface (UI), open the login page and enter your username and password.

To log out via the UI, click on your avatar at the far right end of the main Platform menu, then select Sign Out:

Logging In via the Command-Line Interface

To log in via the command-line interface (CLI), make sure you've installed the dx command-line client. From the CLI, enter the command dx login.

Next, enter your username, or, if you've logged in before on the same computer and your username is displayed, hit Return to confirm that you want to use it to log in. Then enter your password.

See below for directions on using a token to log in.

See the Index of dx Commands page for detail on optional arguments that can be used with dx login.

Logging Out via the Command-Line Interface

When using the CLI, log out by entering the command dx logout.

If you use a token to log in, logging out invalidates that token. To log in again, you must generate a new token.

See the Index of dx Commands page for detail on optional arguments that can be used with dx logout.

Auto Logout

The system logs out users after fifteen minutes of inactivity. Exceptions apply to users logged in with an API token that specifies a different session duration, or users in an org with a custom autoLogoutAfter policy.

Contact DNAnexus Support for more information on setting a custom autoLogoutAfter policy for an org.

Using Tokens

You can log in via the CLI, and stay logged in for a fixed length of time, by using an API token, also called an authentication token.

Exercise caution when sharing DNAnexus Platform tokens. Anyone with a token can access the Platform and impersonate you as a user. They gain your access level to any projects accessible by the token, enabling them to run jobs and potentially incur charges to your account.

Generating a Token

To generate a token, click on your avatar at the top right corner of the main Platform menu, then select My Profile from the dropdown menu.

Next, click on the API Tokens tab. Then click the New Token button:

The New Token form opens in a modal window:

Consider the following points when filling out the form:

The token provides access to each project at the level at which you have access. See the Projects page for more on project access levels.
If the token provides access to a project within which you have PHI data access, it enables access to that PHI data.
Tokens without a specified expiration date expire in one month.

After completing the form, click Generate Token. The system generates a 32-character token and displays it with a confirmation message.

Copy your token immediately. The token is inaccessible after dismissing the confirmation message or navigating away from the API Tokens screen.

Using a Token to Log In

To log in with a token via the CLI, enter the command dx login --token, followed by a valid 32-character token.

Token Use Cases

Tokens are useful in multiple scenarios, such as:

Logging in via the CLI with single sign-on enabled - If your organization uses single sign-on, logging in via the CLI might require a token instead of a username and password.
Logging in via a script - Scripts can use tokens to authenticate with the Platform.

When incorporating a token into a script, take care to set the token's expiration date such that the script has Platform access for only as long as necessary. Ensure as well that the script only has access to that project or those projects to which it must have access, to function properly.

Revoking a Token

To revoke a token, navigate to the API Tokens screen within your profile on the UI. Select the token you want to revoke, then click the Revoke button:

In the Revoke Tokens Confirmation modal window, click the Yes, revoke it button. The token is revoked, and its name no longer appears in the list of tokens on the API Tokens screen.

When to Revoke a Token

Token shared too widely - Revoke a token if someone with whom you've shared the token should no longer be able to use it, or if you're not certain who has access to it.
Token no longer needed - Revoke a token if a script that uses it is no longer in use, or if a group that had been using it no longer needs access to the Platform, or in any other situation in which the token is no longer necessary.

Logging In Non-Interactively

Though logging in typically requires direct interaction with the Platform through the UI or CLI, non-interactive login is also possible. Scripts commonly automate both login and project selection.

Non-interactive login uses dx login with the --token argument. The dx select command automates project selection. For manual project selection, add the --noprojects argument to dx login.

Two-Factor Authentication

DNAnexus recommends adding two-factor authentication to your account, to provide an extra means of ensuring the security of all data to which you have access, on the Platform.

With two-factor authentication enabled, you must enter a two-factor authentication code to log into the Platform and access certain other services. This code is a time-based one-time password valid for a single session, generated by a third-party two-factor authenticator application, such as Google Authenticator.

Two-factor authentication protects your account by requiring both your credentials and an authentication code. This prevents unauthorized access even if your username and password are compromised.

Enabling Two-Factor Authentication

To enable two-factor authentication, select Account Security from the dropdown menu accessible via your avatar, at the top right corner of the main menu.

In the Account Security screen, click the button labeled Enable 2FA. Then follow the instructions to select and set up a third-party authenticator application.

DNAnexus recommends using Google Authenticator on your mobile device. Google Authenticator is a popular, free application that's available for both Apple iOS and Android mobile devices. Get it on Google Play or from the Apple iTunes App Store.

If you are unable to use a smartphone application, compatible two-factor authenticator applications, using the TOTP (Time-based One-time Password) algorithm, exist for other platforms.

Enabling two-factor authentication redirects you to a page containing back-up codes. These codes serve as alternatives to two-factor authentication codes if you lose access to your authenticator application.

Store the back-up codes in a secure place. Without them and without access to your authenticator application, Platform login becomes impossible.

Contact DNAnexus Support if you lose both your codes and access to your authenticator application.

Disabling Two-Factor Authentication

DNAnexus recommends keeping two-factor authentication enabled after activation. If disabling is necessary, navigate to the Account Security screen of your profile, then click the Turn Off button in the Two-Factor Authentication section. The system requires your password and a two-factor authentication code to confirm this change.

Disabling and re-enabling two-factor authentication requires reconfiguration of your authenticator application. Reconfiguration involves scanning a new QR code or entering a new secret key code, and saving a new set of back-up codes.

Last updated 2 days ago

Was this helpful?