Secure SignIn Service

Features

  • Enhances the sign-in service for DSM accounts with two sign-in methods – Approve sign-in and hardware security key
  • Provides sign-in methods that can replace the use of passwords, creating a seamless DSM sign-in experience
  • Integrates the identity verification function in DSM for a more powerful 2-factor authentication function
    • In addition to using a one-time verification code (OTP), users have the option to use Approve sign-in or a hardware security key as the second step of the 2-factor authentication process

Specifications

  • Supports DSM web portal and DSM applications' login portals
  • Integrated with Auto Block and Account Protection functions to include failed login attempts and failed identity verification in login failures
  • Approve sign-in
    • Synology Secure SignIn mobile app supports Android and iOS devices
    • Can be used to replace the password or as the second step of the 2-factor authentication process
    • Provides seamless DSM sign-in via a single tap on a connected device
    • Offers quick setup through scanning a QR Code via the Synology Secure SignIn mobile app
    • Supports connection to Synology NAS via public IP, domain name, or QuickConnect
  • Hardware security key
    • Supports hardware security keys that comply with the U2F and FIDO2 standards for signing in to a DSM account (Please refer to this compatibility list)
    • Supports various key types, including USB-like external keys or built-in keys (Touch ID on macOS devices or Windows Hello on Windows devices)
    • Can be used to replace the password or as the second step of the 2-factor authentication process

Limitations

  • Secure SignIn Service requires signing in to a Synology Account
    • Approve sign-in requires the DSM push notification service and cannot operate normally if the Synology NAS cannot connect to the Synology Account
  • Approve sign-in
    • Available only on the Synology Secure SignIn mobile application
  • Hardware security keys
    • Requires accessing Synology NAS through domain name over HTTPS
    • Does not support connection to Synology NAS via IP or QuickConnect
    • Only supports specific browsers and operating systems (Learn more)
    • The manufacturer and model of the security key supported by DSM may vary. Please use Synology tested and recommended products (Please refer to this compatibility list)

Synology Secure SignIn Mobile

Features

  • Supports Android and iOS devices
  • Supports using one app for two verification methods - Approve sign-in and one-time verification code (OTP)
  • Sends Approve sign-in users instant notifications of any abnormal logins through integration with DSM's sign-in analysis feature
  • Supports backing up Approve sign-in and OTP profiles to Synology Account and restoring them when the mobile device is lost

Specifications

  • System requirements
    • iOS: 11.0 or above
    • Android: 7.0 or above
  • To ensure security, screen lock should be enabled on the mobile device when using Synology Secure SignIn
  • Approve sign-in
    • Supports receiving real-time login requests through push notification on the mobile device
    • Supported even without push notification turned on, as long as the user is able to pass screen lock
    • Supports using HTTPS connection to ensure the security of network transmission
    • Supports manual setup without signing in to DSM desktop
    • Supports using public IP, domain name, or QuickConnect to set up
    • Supports up to 20 Approve sign-in accounts
  • One-time verification code (OTP)
    • Supports the Time-based One-Time Password (TOTP) standard for receiving OTP for DSM as well as for other third-party services that support the same standard
    • Supports obtaining the verification code even without network connection (NTP time synchronization is recommended to ensure the correct time on the mobile device)
    • Supports up to 50 OTP profiles per mobile device
  • Backup and restore
    • Supports automatically backing up Approve sign-in accounts and OTP profiles to Synology Account. Each Synology Account can be used to back up one mobile device
    • Supports automatically syncing any modifications to cloud storage
    • Restoring data from a Synology Account on a new mobile device will automatically enable the backup function on the new device and disable it on the original device
      • After restore, the Approve sign-in accounts listed will be signed out. Users need to click on the profiles to re-authenticate

Limitations

  • Does not support accessing Synology NAS through private IP when setting up or using Approve sign-in
  • Does not support HMAC-based One-time Password algorithm (HOTP; specified in IETF RFC 4226)
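
The OTP entries under Specifications (codes available without a network connection, NTP synchronization recommended) and the HOTP limitation above can be seen in a short Python sketch. This is an added example, not Synology's code: it shows that a TOTP code depends only on the shared secret and the device clock, and that a drifting clock is what makes a verifier reject it. The 30-second step, 6 digits, SHA-1, the ±1 step acceptance window and the RFC test secret are assumptions; the page does not state DSM's parameters.

```python
import hashlib
import hmac
import struct

STEP = 30                          # seconds per time step (assumed, RFC 6238 default)
DIGITS = 6                         # code length (assumed)
SECRET = b"12345678901234567890"   # constructed sample: the RFC 4226/6238 test secret


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP whose counter is floor(time / step).
    Only the secret and the local clock are used, so no network is needed."""
    return hotp(secret, int(unix_time // step))


def verify(secret: bytes, code: str, server_time: float,
           window: int = 1, step: int = STEP):
    """Accept a code from the current step or `window` steps either side
    (assumed tolerance). Returns the matching step offset, or None."""
    current = int(server_time // step)
    for offset in range(-window, window + 1):
        counter = current + offset
        if counter < 0:
            continue
        if hmac.compare_digest(hotp(secret, counter), code):
            return offset
    return None


def drift_report(secret: bytes, server_time: float, drifts):
    """Map each phone clock error (seconds) to the verifier's result."""
    return {d: verify(secret, totp(secret, server_time + d), server_time)
            for d in drifts}


if __name__ == "__main__":
    # Server clock is mid-step; the phone clock is off by the given seconds.
    for drift, result in drift_report(SECRET, 45, [0, 30, -30, 120]).items():
        print(f"phone clock {drift:+4d}s -> {'rejected' if result is None else f'accepted (step {result:+d})'}")
```

With these assumed parameters, a phone clock that is two minutes fast produces a code outside the acceptance window even though the secret is correct.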