Assembla allows you to use two-factor authentication (2FA) with the following compatible apps:
For Android, iOS, and Blackberry: Google Authenticator
For Android and iOS: Authy, Duo Mobile
For Windows Phone: Authenticator
Note: If you are unable to scan a QR code on your authentication device, you can use another app, such as CodeTwo, to scan the QR code and get a special URL:
otpauth://totp/Assembla:user_name?secret=XXXYYYAAABBBCCC&issuer=Assembla
In this case, XXXYYYAAABBBCCC is the secret that you'll need to add to the authenticator app to finish setting up 2FA for your account.
Enabling two-factor authentication for your user profile
To enable two-factor authentication
Click your avatar at the top of the screen.
Click My Profile > Two-factor authentication.
Follow the instructions on screen by first scanning the QR code using your chosen authentication app on your recovery device (usually a smartphone).
Type your Assembla password into the textbox to confirm the change.
Verify that everything is working properly by entering the code given to you by your authentication app.
Click Enable.
Note: If Google 2FA is required for users in your portfolio, that authentication method will be preferred. Additionally, if you use SSO to log into Assembla, you will not have a password to enable two-factor authentication. In that case, you will not be able to enable Assembla two-factor authentication for your user profile.
Requiring two-factor authentication for your portfolio users
To require that all users in your Portfolio use two-factor authentication
In the appropriate portfolio, click More > Portfolio Admin.
Scroll down to the Two-factor Authentication section, and then click Enabled.
Click Update 2FA Settings to save your changes.
Note: If you enable this option and your users have not already set up 2FA for their user profile, then they are prompted at their next login to enable and set up 2FA for their Assembla account. Users in the profile cannot log in or access Assembla until they have enabled 2FA for their user profile.
Working on your repositories with two-factor authentication
When 2FA is enabled for your user, your username and password do not work with external clients to check out your repos or make a commit. Instead, use your username and API key with repo access.
To get an API key
Click your avatar, and then select My Profile > API Applications & Sessions.
Check the Repository access box, and then click Create to create an API key with repo access to use with two-factor authentication.
Dealing with a lost phone
When a user activates 2FA for their account, they are provided with a Recovery Code file in the event that their authentication device is lost. Be sure to save this file in a place where you can find it in the event that you need to log into Assembla after losing your authentication device.
After supplying the recovery code, you must disable 2FA on your account, and then re-enable it to set up 2FA with a new authentication device.
To disable 2FA for your account
Click your avatar, and then select My Profile > Two-factor Authentication.
Type your password in Confirm current password, and then type an unused recovery code in Enter the six-digit code from the application.
Click Disable. 2FA is then disabled from your account and you have the opportunity to set up 2FA for your account again with a new authentication device.
If you lose your authentication device and your recovery code, please contact Assembla support at support@assembla.com to reset your account.
Need help? Please contact us at support@assembla.com.