Two-factor authentication (2FA) is an opt-in feature that provides additional security for DataRobot users. DataRobot's 2FA is based on the Time-based One-Time Password algorithm (TOTP, the IETF RFC 6238 standard for many two-factor authentication systems. It works by generating a temporary, one-time password that must be manually entered into the app to authenticate access.
To work with 2FA, you use an authentication app on your mobile device (for example, Google Authenticator. If you haven't already done so, install and register an app on your device. You will use the app to scan a DataRobot-provided QR code, which will, in turn, generate authentication and recovery codes.
DataRobot provides a series of recovery codes for use if you lose access to your default authentication method.
Before completing two-factor authentication, download, copy, or print these codes and save them to a secure location.
When you enable 2FA, all API endpoints that validate username and password require secondary authentication.
See the troubleshooting section for additional information.
Set up 2FA¶
To enable 2FA:
From the Profile page, on the Security tab, switch the Two-Factor Authentication toggle to on:
A dialog box opens to the first step of the setup process:
Open the authenticator app on your device and select the option that allows you to scan a barcode. (On Google Authenticator, click the
+sign and choose "Scan barcode.")
Once verified, DataRobot returns 20 recovery codes for your use if you lose access to your default authentication method. Save these codes in a secure place.
Select a method for saving your codes and click Complete. DataRobot briefly displays a notice that two-factor authentication is enabled.
Non-QR code method¶
If you could not scan the QR code:
From the dialog box, choose Try this instead:
DataRobot displays your registered email address and a code for use with your app.
In your authenticator app, manually generate a code. For example, in Google Authenticator, click the
+sign and choose "Manual entry."
Enter the credentials displayed in the dialog box. Note:
- the code is not case-sensitive
- spaces are optional, as most apps remove them when you enter the characters.
The authenticator app returns a 6-digit code.
After you enable and set up 2FA, you will be prompted for a code each time you log into DataRobot. (You are also prompted for an authentication code when requesting a password reset from the login page.) Open DataRobot and enter your email and password, or sign in with Google. You are prompted for an authentication code:
If you have your mobile device available, open the authenticator app and enter the 6-digit code displayed. If you do not have your device, click Switch to recovery code and enter one of the codes from your saved list of codes.
When you've entered the code, click Verify. DataRobot validates your account and opens the application.
Problem: I am receiving a message that my code is invalid.
- Make sure that you have only one instance of DataRobot authentication in your authenticator app. Each time you scan the QR code, the authenticator app creates a new account based on that code. The code you enter must be associated with the QR code displayed, and with multiple entries, it can be unclear which code to enter.
Solution: Rename or delete any DataRobot accounts listed in your authentication app.
- To do this with Google, for example, click the pencil icon and select all accounts registered to DataRobot. Select DELETE and when prompted, select REMOVE ACCOUNTS. (To reinstate the account, you can toggle "Enable two-factor authentication" in Settings and recapture the QR code).
Problem: So many codes!
- Some authentication systems (Google, for example) add new accounts to the bottom of the list.
Solution: When prompted for a code, enter the last DataRobot entry.
Problem: I lost my codes.
Solution: If you lose access to your phone and recovery codes, contact your administrator or DataRobot Support.
Problem: I no longer want to use 2FA.
Solution: Toggle the feature off on the Settings page.
Enter a 6-digit authentication code or a saved recovery code and click Disable. The feature is removed from your account, but you can re-enable it at any time.
Problem: I forgot my password (but I have my authentication code).
Solution: From the login page, click Don't Remember? and then on the next screen, click Reset Password:
When prompted, enter your authentication app code or, if you don't have your mobile device, click Switch to recovery code and enter one of your saved codes.
DataRobot will send a link to reset your password.