Two-factor authentication¶
Two-factor authentication (2FA) is an opt-in feature that provides additional security for DataRobot users. 2FA in DataRobot is based on the Time-based One-Time Password algorithm (TOTP), the IETF RFC 6238 standard for many two-factor authentication systems. It works by generating a temporary, one-time password that must be manually entered into the app to authenticate access.
To work with 2FA, you use an authentication app on your mobile device (for example, Google Authenticator). If you haven't already done so, install and register an app on your device. You will use the app to scan a DataRobot-provided QR code, which will, in turn, generate authentication and recovery codes.
DataRobot provides a series of recovery codes for use if you lose access to your default authentication method.
Warning
Before completing two-factor authentication, download, copy, or print these codes and save them to a secure location.
Tip
When you enable 2FA, all API endpoints that validate username and password require secondary authentication.
See the troubleshooting section for additional information.
Set up 2FA¶
To enable 2FA:
-
From the User Settings page, on the Authentication tab, switch the Two-Factor Authentication toggle to on:
A dialog box opens to the first step of the setup process:
-
Open the authenticator app on your device and select the option that allows you to scan a barcode. (On Google Authenticator, click the
+sign and choose "Scan barcode.") -
Scan the QR code shown in the dialog box; your device displays a 6-digit code. (If you have trouble scanning, see the alternate option.) Or, if you receive an error, see the troubleshooting section.
-
Enter the code (no spaces) into the box at the bottom of the screen and click Verify.
-
Once verified, DataRobot returns 20 recovery codes for your use if you lose access to your default authentication method. Save these codes in a secure place.
-
Select a method for saving your codes and click Complete. DataRobot briefly displays a notice that two-factor authentication is enabled.
Non-QR code method¶
If you could not scan the QR code:
-
From the dialog box, choose Try this instead:
DataRobot displays your registered email address and a code for use with your app.
-
In your authenticator app, manually generate a code. For example, in Google Authenticator, click the
+sign and choose "Manual entry." -
Enter the credentials displayed in the dialog box. Note:
- the code is not case-sensitive
- spaces are optional, as most apps remove them when you enter the characters.
The authenticator app returns a 6-digit code.
-
Enter the code (no spaces) into the box at the bottom of the screen and click Verify. Return to step 4 of "Set up 2FA", above. Or, if you receive an error, see the troubleshooting section.
Use 2FA¶
After you enable and set up 2FA, you will be prompted for a code each time you log into DataRobot. (You are also prompted for an authentication code when requesting a password reset from the login page.) Open DataRobot and enter your email and password, or sign in with Google. You are prompted for an authentication code:
If you have your mobile device available, open the authenticator app and enter the 6-digit code displayed. If you do not have your device, click Switch to recovery code and enter one of the codes from your saved list of codes.
When you've entered the code, click Verify. DataRobot validates your account and opens the application.