Login and Logout
Learn how to log into and out of the DNAnexus Platform, via both the user interface and the command-line interface. Learn how to use tokens to log in, and how to set up two-factor authentication.
Logging In and Out via the User Interface
To log in via the user interface (UI), open the DNAnexus Platform login page and enter your username and password.
To log out via the UI, click on your avatar at the far right end of the main Platform menu, then select Sign Out:
Logging In via the Command-Line Interface
To log in via the command-line interface (CLI), make sure you've installed the dx command-line client. From the CLI, enter the command dx login.
Next, enter your username, or, if you've logged in before on the same computer and your username is displayed, hit Return to confirm that you want to use it to log in. Then enter your password.
See below for directions on using a token to log in.
See the Index of dx Commands page for detail on optional arguments that can be used with dx login.
Logging Out via the Command-Line Interface
When using the CLI, log out by entering the command dx logout.
If you use a token to log in, logging out invalidates that token. To log in again, you must generate a new token.
See the Index of dx Commands page for detail on optional arguments that can be used with dx logout.
Auto Logout
Session inactivity
By default, the system logs out users after 15 minutes of inactivity. Exceptions apply to users logged in with an API token that specifies a different session duration, or users in an org with a custom autoLogoutAfter policy.
Contact DNAnexus Support for more information on setting a custom autoLogoutAfter policy for an org.
Credentials change
The system automatically logs out users when they change their account credentials. This happens immediately after the credentials change is complete. Exceptions apply to users logged in with an API token.
The following actions are considered credentials changes:
Change a password
Reset a password
Confirm a new email address after updating account email
Enable or disable multi-factor authentication (MFA)
By default, changing your credentials does not automatically terminate any running jobs or active downloads and uploads that are authenticated on your behalf. When you change your credentials, you can choose Revoke Active Tokens to terminate these running jobs and active transfers. See details on revoking API tokens.
If you suspect your account may be compromised, we strongly recommend that you:
Opt-in to terminate any active jobs authenticated on your behalf.
Rotate your API tokens after changing credentials. That is, delete your existing API tokens and create new ones.
Using Tokens
You can log in via the CLI, and stay logged in for a fixed length of time, by using an API token, also called an authentication token.
Exercise caution when sharing DNAnexus Platform tokens. Anyone with a token can access the Platform and impersonate you as a user. They gain your access level to any projects accessible by the token, enabling them to run jobs and potentially incur charges to your account.
Generating a Token
To generate a token, click on your avatar at the top right corner of the main Platform menu, then select My Profile from the dropdown menu.
Next, click on the API Tokens tab. Then click the New Token button:
The New Token form opens in a modal window:
Consider the following points when filling out the form:
The token provides access to each project at the level at which you have access. See the Projects page for more on project access levels.
If the token provides access to a project within which you have PHI data access, it enables access to that PHI data.
Tokens without a specified expiration date expire in one month.
After completing the form, click Generate Token. The system generates a 32-character token and displays it with a confirmation message.
Copy your token immediately. The token is inaccessible after dismissing the confirmation message or navigating away from the API Tokens screen.
Using a Token to Log In
To log in with a token via the CLI, enter the command dx login --token, followed by a valid 32-character token.
Token Use Cases
Tokens are useful in multiple scenarios, such as:
Logging in via the CLI with single sign-on enabled - If your organization uses single sign-on, logging in via the CLI might require a token instead of a username and password.
Logging in via a script - Scripts can use tokens to authenticate with the Platform.
When incorporating a token into a script, take care to set the token's expiration date such that the script has Platform access for only as long as necessary. Ensure as well that the script only has access to that project or those projects to which it must have access, to function properly.
Revoking a Token
When you revoke API tokens, all running jobs and all active file uploads or downloads authenticated with those tokens are terminated immediately and fail with the error AuthError. Any compute or egress charges incurred up to the point of termination remain billable to the account associated with those operations.
To revoke a token, navigate to the API Tokens screen within your profile on the UI. Select the token you want to revoke, then click the Revoke button:
In the Revoke Tokens Confirmation modal window, click the Yes, revoke it button. The token is revoked, and its name no longer appears in the list of tokens on the API Tokens screen.
When to Revoke a Token
Token shared too widely - Revoke a token if someone with whom you've shared the token should no longer be able to use it, or if you're not certain who has access to it.
Token no longer needed - Revoke a token if a script that uses it is no longer in use, or if a group that had been using it no longer needs access to the Platform, or in any other situation in which the token is no longer necessary.
Logging In Non-Interactively
Though logging in typically requires direct interaction with the Platform through the UI or CLI, non-interactive login is also possible. Scripts commonly automate both login and project selection.
Non-interactive login uses dx login with the --token argument. The dx select command automates project selection. For manual project selection, add the --noprojects argument to dx login.
Two-Factor Authentication
DNAnexus recommends adding two-factor authentication to your account, to provide an extra means of ensuring the security of all data to which you have access, on the Platform.
With two-factor authentication enabled, you must enter a two-factor authentication code to log into the Platform and access certain other services. This code is a time-based one-time password valid for a single session, generated by a third-party two-factor authenticator application, such as Google Authenticator.
Two-factor authentication protects your account by requiring both your credentials and an authentication code. This prevents unauthorized access even if your username and password are compromised.
Enabling Two-Factor Authentication
To enable two-factor authentication, select Account Security from the dropdown menu accessible via your avatar, at the top right corner of the main menu.
In the Account Security screen, click the button labeled Enable 2FA. Then follow the instructions to select and set up a third-party authenticator application.
DNAnexus recommends using a time-based one-time password (TOTP)–compliant authenticator application on your mobile device. Popular options include Google Authenticator, Authy, Microsoft Authenticator, and 1Password. Google Authenticator is a free application that's available for both Apple iOS and Android mobile devices. Get it on Google Play or from the Apple App Store.
If you are unable to use a smartphone application, compatible two-factor authenticator applications that use the TOTP (time-based one-time password) algorithm exist for other platforms.
Enabling two-factor authentication redirects you to a page containing back-up codes. These codes serve as alternatives to two-factor authentication codes if you lose access to your authenticator application.
Store the back-up codes in a secure place. Without them and without access to your authenticator application, Platform login becomes impossible.
Contact DNAnexus Support if you lose both your codes and access to your authenticator application.
Disabling Two-Factor Authentication
DNAnexus recommends keeping two-factor authentication enabled after activation. If disabling is necessary, navigate to the Account Security screen of your profile, then click the Turn Off button in the Two-Factor Authentication section. The system requires your password and a two-factor authentication code to confirm this change.
Disabling and re-enabling two-factor authentication requires reconfiguration of your authenticator application. Reconfiguration involves scanning a new QR code or entering a new secret key code, and saving a new set of back-up codes.
Last updated
Was this helpful?