Synology Secure SignIn is a secure login framework that helps increase your DSM account security by verifying your sign-ins. This can be done through several different methods, such as approved sign-ins, verification codes (OTP), and hardware security keys.

Why use Secure SignIn?

• Passwordless sign-in: Verify your sign-ins without having to use a password, simplifying and streamlining your DSM experience.
• 2-Factor Authentication: Prevent hackers from easily compromising your account by adding a second layer of protection on top of your password.
• Strengthen security by eliminating risky password management practices.

DSM administrators must make sure of the following before setting up:

• Your NAS is running DSM 7.0 or above.
• (For Approve sign-in) DSM can be accessed via a public IP address, QuickConnect ID, or domain (FQDN). See the Synology NAS External Access Quick Start Guide for information on how to externally access your NAS.
• (For hardware security keys) DSM has a valid domain name and is accessible over HTTPS. The domain name cannot be an IP address or a QuickConnect address.
• (For hardware security keys) You are using a hardware security key supported on DSM. See Frequently asked questions about registering a hardware security key for more details.
• (For verification codes) DSM administrators can optionally set up email notifications and configure an email sender for sending emergency verification codes at Control Panel > Notifications.

Approve sign-in

This method allows you to approve your DSM sign-in requests by simply tapping a button from the Synology Secure SignIn app on your iOS or Android device.¹

1. In DSM, click the person-shaped icon in the upper corner of the desktop.
2. Select Personal > Account.
3. Under Sign-in Method, select Passwordless Sign-In.
4. Select Approve sign-in and enter your password.
5. Follow the steps to install the Synology Secure SignIn app on your mobile device.
6. From the Secure SignIn app, click the + icon to scan the QR code to add your device.
   • What to do if you cannot set up Approve sign-in with the QR code.
     
7. Once done, click Finish to complete the setup.
8. The next time you sign in, you just need to open the Secure SignIn app to approve your sign-in.²
   

Hardware security key

This method allows you to sign in to DSM using a USB key, Windows Hello, or Mac Touch ID.¹

1. Open your browser, type in HTTPS:// followed by your DSM domain name in the address bar, and then sign in.
2. In DSM, click the person-shaped icon in the upper corner of the desktop.
3. Select Personal > Account.
4. Under Sign-in Method, select Passwordless Sign-In.
5. Select Hardware security key and enter your password.
6. Select the type of hardware key that you are using. If you want to use Windows Hello or Mac Touch ID, make sure to configure them first on your computer.
7. Follow the on-screen instructions to set up.
8. Enter a name for your security key and click Done to finish the setup.
9. The next time you sign in, you will need to use your hardware security key to sign in.²

We recommend you to enable 2-factor authentication for your DSM account. By requiring a second identity verification step, 2-factor authentication provides an extra layer of protection to safeguard your account and creates a barrier to hacking.

Administrators can enforce 2-factor authentication for users at Control Panel > Security > Account.

Approve sign-in

This method allows you to verify your DSM sign-in requests by simply tapping a button from the Synology Secure SignIn app on your iOS or Android device.

1. In DSM, click the person-shaped icon in the upper corner of the desktop.
2. Select Personal > Account.
3. Under Sign-in Method, select 2-Factor Authentication.
4. Select Approve sign-in and enter your password.
5. Follow the steps to install the Synology Secure SignIn app on your mobile device.
6. From the Secure SignIn app, click the + icon to scan the QR code on the screen to add your device.
   • What to do if you cannot set up Approve sign-in with the QR code.
     
7. Once the QR code is scanned, you will be asked to enable the verification code (OTP) as an alternative sign-in method.
8. Scan the QR code and enter the OTP from the OTP page in the app into the wizard for confirmation.
   
9. Set up your backup email for in case you lose your mobile device. This will allow email notifications to be sent on your behalf.¹
   • If your administrator has configured email notifications, then you can just fill in your backup email.
   • If your administrator has not configured email notifications, click Set Up to set up and authenticate an email service provider.
   • Click Next when you're done.
     
10. Click Done to complete the setup.
11. The next time you sign in, you just need to open the Secure SignIn app to approve your sign-in after entering your password.
    

Verification code (OTP)

This method allows you to verify your DSM sign-ins by entering a 6-digit code from the Synology Secure SignIn app on your iOS or Android device.

1. In DSM, click the person-shaped icon in the upper corner of the desktop.
2. Select Personal > Account.
3. Under Sign-in Method, select 2-Factor Authentication.
4. Select Verification code (OTP) and enter your password.
5. Follow the steps to install the Synology Secure SignIn app on your mobile device.
6. From the Secure SignIn app, click the + icon to scan the QR code on the screen to add your device.
7. Scan the QR code and enter the OTP from the app into the wizard for confirmation.
   
8. Set up your backup email for in case you lose your mobile device. This will allow email notifications to be sent on your behalf.¹
   • If your administrator has configured email notifications, then you can just fill in your backup email.
   • If your administrator has not configured email notifications, click Set Up to set up and authenticate an email service provider if you haven't already done so in Personal > Email Delivery.
   • Click Next when you're done.
     
9. Click Done to complete the setup.
10. The next time you sign in, you'll need to enter the 6-digit verification code from the Secure SignIn app as a verification after entering your password.
    

Hardware security key

This method allows you to verify your sign in to DSM using a USB key, Windows Hello, or Mac Touch ID.

1. Open your browser, type in HTTPS:// followed by your DSM domain name in the address bar, and sign in.
2. In DSM, click the person-shaped icon in the upper corner of the desktop.
3. Select Personal > Account.
4. Under Sign-in Method, select 2-Factor Authentication.
5. Select Hardware security key and enter your password.
6. Select the type of hardware key that you are using. If you want to use Windows Hello or Mac Touch ID, make sure to configure them first on your computer.
7. Follow the on-screen instructions to set up.
8. Enter a name for your security key and click Done to finish the setup.
9. The next time you sign in, you will need to use your hardware security key to verify your sign in after entering your password.

You can back up the paired Approve sign-in accounts and OTP profiles to your Synology Account for restoration in case you change or lose your mobile device.

Enable the backup feature

1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis ⋮ icon > Settings.
2. Tap Backup service and turn on Auto Backup.
3. Follow the instructions on the screen to sign in to your Synology Account.

Restore the backed up accounts from your Synology Account

1. Open Synology Secure SignIn on your new mobile device.
2. If you have newly installed the app, you will see the welcome page. Click Restore Backup.
3. Follow the instructions on the screen to sign in to your Synology Account.

Software specs

• Full software specifications for Synology Secure SignIn

Related Articles

• Which USB security keys does Secure SignIn Service support?
• Does my Synology package support 2-factor authentication?
• What can I do to enhance the security of my Synology NAS?
• I can't sign in to Synology NAS (DSM) using 2-factor authentication (2FA). What can I do?
• Why is my mobile device's time different from my Synology NAS?
• How do I keep my Synology Account safe and secure?
• Security Measures Quick Start Guide
• For more information on Secure SignIn, please refer to this page.