Your ControlUp Insights is now even more secure. We've improved the login by adding one-time passcode (OTP) verification, providing increased security for all your ControlUp users.
You benefit from using one-time passcodes because:
- OTPs are less vulnerable than user-generated passwords to hacker’s replay attacks. Potential hackers may be able to record an OTP that was used to log into ControlUp Insights but they will not be able to use it, since it’s valid only once.
- A user who uses the same or similar password for multiple logins is more vulnerable on all of them if the password for one of these is stolen by a hacker. With system-generated OTPs, the passcode is valid for only ControlUp Insights and only once.
To access Insights:
- Go to https://insights.controlup.com/organization-select and the Welcome screen appears.
- Enter your email address and click CONTINUE, and a confirmation email with a one-time passcode (OTP) is sent to your email, and the Email Verification screen appears.
- Enter the passcode you received in the Email Verification screen.
Check Don't ask me again on this computer if you want Insights to remember your computer and skip this step for future logins.
Note: By default, this feature is set to remember your computer for 30 days and can be modified by an organization owner from within Insights as described below.
Note: The OTP is valid for five minutes. If the OTP expires, Click Send again, and a new OTP is sent to your email.
Once you have entered your OTP click Continue, and you are prompted to select an organization.
- Use the dropdown menu to select one of the available organizations.
Check Always use this organization to use the selected organization and skip this step for future logins.
Once you've made your selection, click Continue, and Insights begins in your browser.
To modify the one-time passcode (OTP) authentication settings:
- Click the arrow next to your username in the upper left-hand of the Insights screen and click Settings > OTP Authentication, and the OTP Authentication popup appears.
Note: Only organization owners can modify the OTP settings. If you do not see OTP Authentication under Settings, contact you organization's owner to modify these settings. To change an organization owner see here.
- Toggle with the checkbox to enable/disable the Don't ask again on this computer option on the login page.
- If the Don't ask again on this computer option is checked, you can use the Duration dropdown menu to change the amount of days (1-30) to be implemented when selected from the login page.
The default setting is 30 days. Once the the selected amount of time elapses, you can reset it by following the steps above.
Keep in Mind
A few things to remember when accessing Insights:
- This new login flow applies to all users accessing Insights.
- The Don't ask again on this computer option enables immediate login for the same user using the same browser.
- If Don't ask again on this computer is enabled, users jump straight to the Insights app and don't have to enter a user ID or passcode.
- If Don't ask again on this computer is not enabled and the user’s login session is logged out, either voluntarily or due to inactivity, a new OTP is sent to the user’s email and must be entered to when re-logging in.
- If a user leaves an organization, that user's Insights access can be removed in the ControlUp Console from ControlUp Insights > User Permissions.
- If a session times out due to inactivity, the web client is disconnected from the backend server and a landing page opens where users can select to go back to the Insights login page.