Two-factor authentication (2FA) is an opt-in feature that provides additional security for DataRobot users. 2FA in DataRobot is based on the Time-based One-Time Password algorithm (TOTP), the IETF RFC 6238 standard for many two-factor authentication systems. It works by generating a temporary, one-time password that must be manually entered into the app to authenticate access.
To work with 2FA, you use an authentication app on your mobile device (for example, Google Authenticator). If you haven't already done so, install and register an app on your device. You will use the app to scan a DataRobot-provided QR code, which will, in turn, generate authentication and recovery codes.
DataRobot provides a series of recovery codes for use if you lose access to your default authentication method.
Before completing two-factor authentication, download, copy, or print these codes and save them to a secure location.
When you enable 2FA, all API endpoints that validate username and password require secondary authentication.
See the troubleshooting section for additional information.
Set up 2FA¶
To enable 2FA:
From the Profile page, on the Security tab, switch the Two-Factor Authentication toggle to on:
A dialog box opens to the first step of the setup process:
Open the authenticator app on your device and select the option that allows you to scan a barcode. (On Google Authenticator, click the
+sign and choose "Scan barcode.")
Once verified, DataRobot returns 20 recovery codes for your use if you lose access to your default authentication method. Save these codes in a secure place.
Select a method for saving your codes and click Complete. DataRobot briefly displays a notice that two-factor authentication is enabled.
Non-QR code method¶
If you could not scan the QR code:
From the dialog box, choose Try this instead:
DataRobot displays your registered email address and a code for use with your app.
In your authenticator app, manually generate a code. For example, in Google Authenticator, click the
+sign and choose "Manual entry."
Enter the credentials displayed in the dialog box. Note:
- the code is not case-sensitive
- spaces are optional, as most apps remove them when you enter the characters.
The authenticator app returns a 6-digit code.
After you enable and set up 2FA, you will be prompted for a code each time you log into DataRobot. (You are also prompted for an authentication code when requesting a password reset from the login page.) Open DataRobot and enter your email and password, or sign in with Google. You are prompted for an authentication code:
If you have your mobile device available, open the authenticator app and enter the 6-digit code displayed. If you do not have your device, click Switch to recovery code and enter one of the codes from your saved list of codes.
When you've entered the code, click Verify. DataRobot validates your account and opens the application.