Secure SignIn


Features

  • Enhances the sign-in service for DSM accounts with two sign-in methods – Approve sign-in and hardware security key
  • Provides sign-in methods that can replace the use of passwords, creating a seamless DSM sign-in experience
  • Integrates the identity verification function in DSM for a more powerful 2-factor authentication function
    • In addition to using a one-time verification code (OTP), users have the option to use Approve sign-in or a hardware security key as the second step of the 2-factor authentication process

Specifications

  • Supports DSM web portal and DSM applications' login portals
  • Integrated with the Auto Block and Account Protection functions, so that failed login attempts and failed identity verifications are both counted as login failures
  • Approve sign-in
    • Synology Secure SignIn mobile app supports Android and iOS devices
    • Can be used to replace the password or as the second step of the 2-factor authentication process
    • Provides seamless DSM sign-in via a single tap on a connected device
    • Offers quick setup through scanning a QR Code via the Synology Secure SignIn mobile app
    • Supports connection to Synology NAS via public IP, domain name, or QuickConnect
  • Hardware security key
    • Supports hardware security keys that comply with the U2F and FIDO2 standards for signing in to a DSM account (Please refer to this compatibility list)
    • Supports various key types, including USB-like external keys or built-in keys (Touch ID on macOS devices or Windows Hello on Windows devices)
    • Can be used to replace the password or as the second step of the 2-factor authentication process
  • 2-Factor Authentication
    • Supports Approve sign-in, hardware security key, and Time-based One-Time Password (TOTP) protocol
      • Supports mobile apps such as Synology Secure SignIn, Google Authenticator, and Microsoft Authenticator that use the TOTP protocol
    • 2-factor authentication enforcement for specific user groups
    • Allows trusted devices to skip the 2-factor authentication

Limitations

  • Secure SignIn Service requires signing in to Synology Account
    • Approve sign-in requires the DSM push notification service and cannot operate normally if the Synology NAS cannot connect to the Synology Account
  • Approve sign-in
    • Available only on the Synology Secure SignIn mobile application
  • Hardware security keys
    • Requires accessing the Synology NAS through a domain name over HTTPS
    • Does not support connection to the Synology NAS via IP or QuickConnect
    • Only supports specific browsers and operating systems (Learn more)
    • The manufacturer and model of the security key supported by DSM may vary. Please use Synology-tested and recommended products (Please refer to this compatibility list)

Affiliated Utility

Synology Secure SignIn (Mobile)

Features

  • Supports Android and iOS devices
  • Supports using one app for two verification methods - Approve sign-in and one-time verification code (OTP)
  • Integrates DSM's Login Analysis to alert Approve sign-in users of abnormal login activities
  • Supports backing up Approve sign-in and OTP profiles to Synology Account and restoring them when the mobile device is lost

Specifications

  • System requirements
    • iOS: 11.0 or above
    • Android: 8.0 or above
  • Screen lock will be turned on by default on the mobile device when using Synology Secure SignIn to ensure security
  • Approve sign-in
    • Supports receiving real-time login requests through push notification on the mobile device
    • Supported even without push notification turned on, as long as the user is able to pass the screen lock
    • Supports using HTTPS connection to ensure the security of network transmission
    • Supports manual setup without signing in to DSM desktop
    • Supports using public IP, domain name, or QuickConnect to set up
    • Supports up to 20 Approve sign-in accounts
  • One-time verification code (OTP)
    • Supports the Time-based One-Time Password (TOTP) standard for receiving OTP for DSM as well as for other third-party services that support the same standard
    • Supports obtaining the verification code even without network connection (NTP time synchronization is recommended to ensure the correct time on the mobile device)
    • Supports up to 500 OTP profiles per mobile device
  • Auto backup and sync
    • Supports automatically backing up Approve sign-in accounts and OTP profiles to Synology Account from multiple devices. Data will be synced across the devices that are signed in to the same Synology Account
    • Supports automatically syncing any modifications to cloud storage
    • If there is a backup in a Synology Account, turning on auto backup and sync and signing in on a new mobile device will restore the backup

Limitations

  • Does not support accessing Synology NAS through private IP when setting up or using Approve sign-in
  • Does not support HMAC-based One-time Password algorithm (HOTP; specified in IETF RFC 4226)