Login and Logout
Learn how to log into and out of the DNAnexus Platform, via both the user interface and the command-line interface. Learn how to use tokens to log in, and how to set up two-factor authentication.
Logging In and Out via the User Interface
To log in via the user interface (UI), open the login page and enter your username and password.
To log out via the UI, click on your avatar at the far right end of the main Platform menu, then select Sign Out:

Logging In via the Command-Line Interface
To log in via the command-line interface (CLI), make sure you've installed the dx
command-line client. From the CLI, enter the command dx login
.
Next, enter your username, or, if you've logged in before on the same computer and your username is displayed, hit Return to confirm that you want to use it to log in. Then enter your password.
See below for directions on using a token to log in.
See the Index of dx
Commands page for detail on optional arguments that can be used with dx login
.
Logging Out via the Command-Line Interface
When using the CLI, log out by entering the command dx logout
.
See the Index of dx
Commands page for detail on optional arguments that can be used with dx logout
.
Auto Logout
The system logs out users after fifteen minutes of inactivity. Exceptions apply to users logged in with an API token that specifies a different session duration, or users in an org with a custom autoLogoutAfter policy.
Using Tokens
You can log in via the CLI, and stay logged in for a fixed length of time, by using an API token, also called an authentication token.
Exercise caution when sharing DNAnexus Platform tokens. Anyone with a token can access the Platform and impersonate you as a user. They gain your access level to any projects accessible by the token, enabling them to run jobs and potentially incur charges to your account.
Generating a Token
To generate a token, click on your avatar at the top right corner of the main Platform menu, then select My Profile from the dropdown menu.
Next, click on the API Tokens tab. Then click the New Token button:

The New Token form opens in a modal window:

Consider the following points when filling out the form:
The token provides access to each project at the level at which you have access. See the Projects page for more on project access levels.
If the token provides access to a project within which you have PHI data access, it enables access to that PHI data.
Tokens without a specified expiration date expire in one month.
After completing the form, click Generate Token. The system generates a 32-character token and displays it with a confirmation message.
Using a Token to Log In
To log in with a token via the CLI, enter the command dx login --token
, followed by a valid 32-character token.
Token Use Cases
Tokens are useful in multiple scenarios, such as:
Logging in via the CLI with single sign-on enabled - If your organization uses single sign-on, logging in via the CLI might require a token instead of a username and password.
Logging in via a script - Scripts can use tokens to authenticate with the Platform.
When incorporating a token into a script, take care to set the token's expiration date such that the script has Platform access for only as long as necessary. Ensure as well that the script only has access to that project or those projects to which it must have access, to function properly.
Revoking a Token
To revoke a token, navigate to the API Tokens screen within your profile on the UI. Select the token you want to revoke, then click the Revoke button:

In the Revoke Tokens Confirmation modal window, click the Yes, revoke it button. The token is revoked, and its name no longer appears in the list of tokens on the API Tokens screen.
When to Revoke a Token
Token shared too widely - Revoke a token if someone with whom you've shared the token should no longer be able to use it, or if you're not certain who has access to it.
Token no longer needed - Revoke a token if a script that uses it is no longer in use, or if a group that had been using it no longer needs access to the Platform, or in any other situation in which the token is no longer necessary.
Logging In Non-Interactively
Though logging in typically requires direct interaction with the Platform through the UI or CLI, non-interactive login is also possible. Scripts commonly automate both login and project selection.
Non-interactive login uses dx login
with the --token
argument. The dx select
command automates project selection. For manual project selection, add the --noprojects
argument to dx login
.
Two-Factor Authentication
DNAnexus recommends adding two-factor authentication to your account, to provide an extra means of ensuring the security of all data to which you have access, on the Platform.
With two-factor authentication enabled, you must enter a two-factor authentication code to log into the Platform and access certain other services. This code is a time-based one-time password valid for a single session, generated by a third-party two-factor authenticator application, such as Google Authenticator.
Two-factor authentication protects your account by requiring both your credentials and an authentication code. This prevents unauthorized access even if your username and password are compromised.
Enabling Two-Factor Authentication
To enable two-factor authentication, select Account Security from the dropdown menu accessible via your avatar, at the top right corner of the main menu.
In the Account Security screen, click the button labeled Enable 2FA. Then follow the instructions to select and set up a third-party authenticator application.
Enabling two-factor authentication redirects you to a page containing back-up codes. These codes serve as alternatives to two-factor authentication codes if you lose access to your authenticator application.
Store the back-up codes in a secure place. Without them and without access to your authenticator application, Platform login becomes impossible.
Contact DNAnexus Support if you lose both your codes and access to your authenticator application.
Disabling Two-Factor Authentication
DNAnexus recommends keeping two-factor authentication enabled after activation. If disabling is necessary, navigate to the Account Security screen of your profile, then click the Turn Off button in the Two-Factor Authentication section. The system requires your password and a two-factor authentication code to confirm this change.
Last updated
Was this helpful?