Secure SignIn (iOS)

Version 1.2.0

Synology Secure SignIn increases account security and offers two verification methods: Approve sign-in and verification code (OTP). Approve sign-in can be used to replace your DSM password. For enhanced protection, use either method as the second sign-in step of 2-factor authentication (2FA).

Before You Start

Before setting up Synology Secure SignIn, make sure your Synology NAS runs on DSM 7.0 or above, and the Secure SignIn Service package is properly installed and enabled.

Approve Sign-In

Approve sign-in can be used to authenticate your DSM logins with or without enabling 2-factor authentication. This feature lets you simply tap a button on your mobile device to complete user verification.

To set up Approve sign-in:

If you are setting up Approve sign-in in DSM, follow these steps:

  1. In DSM, click the user icon at the upper-right corner of the desktop, go to Personal > Security > Sign-in Method, and select either Single-Factor Authentication or 2-Factor Authentication.
  2. Select Approve sign-in. Enter your password when prompted. This will launch the setup wizard.
  3. When prompted by the setup wizard, open Synology Secure SignIn on your mobile device, click + at the upper-right corner and scan the QR code on the screen to complete the setup process.

If you are not using DSM at this time, you can still set up Approve sign-in directly on your mobile device by following these steps:

  1. Open Synology Secure SignIn. On the Account tab, tap the Set up button or + at the upper-right corner.
  2. Type in the address of your Synology NAS. You may use any of the following:
    • Public IP address
    • QuickConnect ID
    • Domain (FQDN)
  3. Enter your username and password, and tap Sign in. This completes the setup process.

Note:

  • After the setup is complete, you can view the DSM account that you have successfully paired with the app on the Account tab.
  • You can set up a maximum of 20 Approve sign-in accounts per mobile device.

To sign in to DSM on your computer with Approve sign-in:

  1. Enter your username on the DSM login page and hit Enter or click the right arrow.
  2. If the default sign-in method is not Approve sign-in, click Other sign-in methods and select Approve the request on your Synology Secure SignIn app.
  3. The system will send a sign-in request to the mobile device on which you have configured Approve sign-in. Open Synology Secure SignIn or the push notification sent by the app, and tap Approve. You will be signed in to DSM on your computer.

Note:

  • Please make sure your mobile device has Internet connection when using this feature.

OTP

Synology Secure SignIn can be used to obtain a verification code (OTP) for 2-factor authentication. This option does not require Internet connection on your mobile device, ensuring that you can sign in regardless of network connectivity. You may also use third-party authentication apps, as long as they support the standard TOTP (Time-based One-Time Password) protocol.

To set up verification code (OTP) for your DSM account:

  1. In DSM, click the user icon at the upper-right corner of the desktop, select Personal > Security > Sign-in Method, and click 2-Factor Authentication.
  2. Select Verification code (OTP). Enter your password when prompted. This will launch the setup wizard. Read the instructions on the screen and click Start.
  3. If you do not have an authenticator app on your mobile device, open a QR code scanner and scan the QR code on the page to download Synology Secure SignIn. When you are finished, click Next.
  4. Open Synology Secure SignIn or other third-party authenticator on your mobile device and scan the QR code on the screen. Alternatively, you can click the link on your mobile device to manually enter a secret key.
  5. Your authenticator app generates a 6-digit verification code. Enter this code in the wizard to confirm that configurations are correct. If an error occurs, please check that the system time of your mobile device is synchronized with the system time of DSM. Also, verification codes are updated periodically, so make sure the code you entered has not expired. Click Next.
  6. Confirm Backup e-mail settings. If you lose your paired device, you can request a verification code to be sent to this email address.
    • If you have already configured an email address at DSM > Personal > Account, the email address is automatically filled in here. Make sure to verify the email address if you haven't done so.
  7. Click Send verification email. Then, check your mailbox and click the link in the email to verify your email address. Once verified, return to DSM and continue the OTP setup.
  8. Once the setup is finished, click Close to save the settings.

Note:

  • If you have successfully completed the setup, the Second sign-in step under 2-Factor Authentication section will show Verification code (OTP).
  • This sign-in method is only available when 2-factor authentication has been enabled.
  • You can set up a maximum of 500 OTP profiles per mobile device.

To sign in to DSM on your computer with verification code (OTP):

  1. On the DSM login page, enter your username and hit Enter or click the right arrow.
  2. Enter your password and hit Enter or click the right arrow.
  3. Open Secure SignIn on your mobile device and locate the 6-digit verification code on the OTP tab. Enter the code on the DSM login page before it expires.

Note:

  • If you have multiple 2-factor authentication sign-in methods set up, verification code (OTP) may not be the default second sign-in step. You can click Other sign-in methods on the login page to switch to this method.

Backup email

Once you have configured and verified an email address, you can request a verification code to be sent to the verified email address if you lose your paired device. You can then use this code to sign in to DSM.

To enable backup email:

  1. Open Synology Secure SignIn. On the Account tab, tap on an account that has signed in to DSM.
  2. Tap Backup Email.
  3. If you have already configured an email address at DSM > Personal > Account, the email address is automatically filled in here. If not, enter an email address and tap OK.
  4. Tap Send Verification Email. Then, check your mailbox and click the link in the email to verify your email address.

Note:

  • If you want to change the email address, repeat the steps above. Alternatively, you can configure the settings at DSM > Personal > Account.

Auto Backup and Sync

Automatically back up your paired Approve sign-in accounts and OTP profiles to your Synology Account. Your data will be synced across multiple devices, and you can easily restore the backup when switching devices.

To turn on the auto backup and sync feature:

On a Synology Secure SignIn app you've run before:

  1. Open the app on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Tap Backup service and toggle to turn on Auto Backup and Sync.
  3. Follow the instructions on the screen to sign in to your Synology Account.

On a newly installed Synology Secure SignIn app:

  1. Open the app on your new mobile device. Sign in to your Synology Account.

Note:

  • If you do not have a Synology Account, create one by clicking Create an account on the sign-in page or signing in with a third-party account.

To delete the backup accounts and profiles from your Synology Account:

  1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Tap Backup service > Delete Backup.

Note:

  • If you delete your backup, Auto Backup and Sync will be automatically stopped on all your synced devices. To resume this feature on any device, toggle it off and then toggle it on again.
  • Deleting your backup won't delete data on devices.

Configure passcode

For enhanced security, you can enable passcode lock. You will be required to enter the passcode every time you open the app.

To enable passcode lock:

  1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Tap Configure passcode.
  3. Toggle to enable Passcode lock.
  4. Enter a 4-digit passcode. When prompted, re-enter the passcode.

Note:

  • After enabling passcode, you can use biometric authentication to replace the passcode.

To change the passcode:

  1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Tap Change Passcode.
  3. Enter your old passcode.
  4. Enter a new 4-digit passcode. When prompted, re-enter the passcode.

To configure passcode re-authentication:

  1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Tap Passcode Re-authentication.
  3. Select how long your authentication should remain valid. For example, if you select 5 minutes, passcode will be required if you open the app again after 5 minutes of closing the app.

Require screen lock

For enhanced account security, you can require another identity verification step after tapping "Approve" to a sign-in request.

To make another verification step mandatory:

  1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Toggle to turn on Require screen lock.
  3. Click Done to save the settings.

Note:

  • This option is set to on by default.

Always show OTP

For convenience and quick access to codes, you can choose to have OTP codes always displayed upon opening the app.

To enable the always show OTP option:

  1. Open Synology Secure SignIn on your mobile device, tap the vertical ellipsis at the upper-right corner, and tap Settings.
  2. Toggle to turn on Always show OTP.
  3. Click Done to save the settings.

Note:

  • This option is set to on by default. However, you can turn it off to increase the security level. When toggled off, OTP codes are only displayed when you tap on specific accounts.
Before You Start
Approve Sign-In
OTP
Backup email
Auto Backup and Sync
Configure passcode
Require screen lock
Always show OTP