Your ControlUp Insights is now even more secure. We've improved the login by adding one-time passcode (OTP) verification, providing increased security for all your ControlUp users.
You benefit from using one-time passcodes because:
- OTPs are less vulnerable than user-generated passwords to hacker’s replay attacks. Potential hackers may be able to record an OTP that was used to log into ControlUp Insights but they will not be able to use it, since it’s valid only once.
- A user who uses the same or similar password for multiple logins is more vulnerable on all of them if the password for one of these is stolen by a hacker. With system-generated OTPs, the passcode is valid for only ControlUp Insights and only once.
To access Insights:
- Go to https://insights.controlup.com/organization-select and the Welcome screen appears.
- Enter your email address and click CONTINUE, and a confirmation email with a one-time passcode (OTP) is sent to your email, and the Email Verification screen appears.
- Check your mail inbox and copy the verification code.
- Paste the one-time passcode into the Passcode field and click Continue.
- Select an available ControlUp Organization you want to connect. Check Always use this organization to use the selected organization and skip this step for future logins.
Once you've made your selection, click Continue, and the Insights portal is shown in your browser.
To modify the one-time passcode (OTP) authentication settings:
- Click the arrow next to your username in the upper left-hand of the Insights screen and click Settings > OTP Authentication, and the OTP Authentication popup appears.
Note: Only organization owners can modify the OTP settings. If you do not see OTP Authentication under Settings, contact you organization's owner to modify these settings. To change an organization owner see here.
- Toggle with the checkbox to enable/disable the Don't ask again on this computer option on the login page.
- If the Don't ask again on this computer option is checked, you can use the Duration dropdown menu to change the amount of days (1-30) to be implemented when selected from the login page.
The default setting is 30 days. Once the the selected amount of time elapses, you can reset it by following the steps above.
Keep in Mind
A few things to remember when accessing Insights:
- This new login flow applies to all users accessing Insights.
- The Don't ask again on this computer option enables immediate login for the same user using the same browser.
- If Don't ask again on this computer is enabled, users jump straight to the Insights app and don't have to enter a user ID or passcode.
- If Don't ask again on this computer is not enabled and the user’s login session is logged out, either voluntarily or due to inactivity, a new OTP is sent to the user’s email and must be entered to when re-logging in.
- If a user leaves an organization, that user's Insights access can be removed in the ControlUp Console from ControlUp Insights > User Permissions.
- If a session times out due to inactivity, the web client is disconnected from the backend server and a landing page opens where users can select to go back to the Insights login page.