Compatible Authentication Apps
For Android, iOS, and Blackberry: Google Authenticator
For Android and iOS: Authy, Duo Mobile
For Windows Phone: Authenticator
Note: If you are unable to scan a QR code on your authentication device, you can use another app like CodeTwo to scan the QR code and get a special URL:
In this case, XXXYYYAAABBBCCC is the secret that you'll need to add to the authenticator app to finish setting up 2FA for your account.
Enable Two Factor Authentication for your User Profile
First, click on the dropdown menu on to the right of your avatar at the top of the screen. Then, select Profile. Open the Two-factor authentication menu from the left sidebar.
To enable Two Factor Authentication for your profile, follow the instructions on screen. First, scan the QR code using your chosen authentication app on your recovery device (usually a smartphone). Then, type your Assembla password into the textbox to confirm the change. Finally, ensure that everything is working by entering the code given to you by your authentication app. Click Enable and you’ll be good to go.
Note: If Google 2FA is required for users in your portfolio, that authentication method will be preferred. Additionally, if you use SSO to log into Assembla, you will not have a password to enable two-factor authentication. In that case, you will not be able to enable Assembla two-factor authentication for your user profile.
Require Two Factor Authentication for your Portfolio Users
To require that all users in your Portfolio use Two Factor Authentication, open the Admin menu for your Portfolio. Then, near the bottom of the page, click on the Enabled checkbox under the Two-factor Authentication heading. After you’ve checked the box, click on the Update 2FA Settings box to save your changes.
Note: If you enable this option and your users have not already set up 2FA for their user profile, then they will be prompted at their next login to enable & set up 2FA for their Assembla account. Users in the profile will not be able to log in or access Assembla until they have enabled 2FA for their user profile.
Working on my Repos with Two-Factor Authentication
When 2FA is enabled for your user, your username and password will not work with external clients to check out your repos or make a commit. Instead, you will need to use your username and API key with repo access. An API key can be obtained by opening your user profile and clicking on the API Applications and Sessions settings on the left sidebar. Then, check the Repository access checkbox and click the Create button to create an API key with repo access to use with two-factor authentication.
What if I Lose my Phone?
When a user activates 2FA for their account, they will be provided with a Recovery Code file in the event that their authentication device is lost. Please save this file in a place where you can find it in the event that you need to log into Assembla after losing your authentication device.
After supplying the recovery code, you will need to disable 2FA on your account and re-enable it to set up 2FA with a new authentication device.
To disable 2FA for your account, open your user profile and select the Two-factor authentication page from the left sidebar.
To disable 2FA from your account, enter your password in the appropriate text box and an unused recovery code in the text box that asks for a six-digit code from your application. 2FA will then be disabled from your account and you will have the opportunity to set up 2FA for your account again with a new authentication device.
If you have lost your authentication device and your recovery code, please contact Assembla support at email@example.com to reset your account.
Need help? Please contact us at firstname.lastname@example.org.