DHIS2 Login Flow with Email 2FA
1. User Without 2FA
If you don't have Two-Factor Authentication (2FA) set up, logging in is simple. Just enter your username and password in the login form. Once your credentials are verified, you will be taken directly to the system’s dashboard or main page.
2. User with TOTP 2FA
If you have TOTP (Time-Based One-Time Password) 2FA enabled, the login process will be similar to the standard login. You’ll start by entering your username and password as usual.
After you submit your login details, the system will recognize that you have TOTP 2FA enabled and will ask you to enter a TOTP code. This code is generated by your authenticator app (e.g., Google Authenticator or Authy). Once you enter the correct code, you’ll be granted access to the system.
3. User with Email 2FA
If you have email-based 2FA enabled, the process is slightly different. You will still start by entering your username and password. After your details are verified, the system will recognize that you have email 2FA enabled and will ask you to enter the 2FA code sent to your email.
You’ll be prompted to check your email inbox for a 2FA code. Enter this code in the provided field to continue logging in.
There is also a Resend Code button in case you don’t receive the email or if the code expires. Clicking this button will resend the 2FA code to your email, but it will be disabled for 30 seconds after you click it. This prevents you from sending too many requests in a short time.
The instructions for the email-based 2FA will clearly tell you to check your inbox for the code, making sure you know where to look.
4. Error Handling for Failed Attempts
If you enter incorrect login details or the wrong 2FA code multiple times, the system will show an error message. This message will let you know why the login failed, such as "Invalid credentials" or "Too many failed attempts."
If there are repeated failed login attempts, the system will apply a brief lockout, requiring you to wait before trying again.
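The 30-second Resend Code wait and the lockout described above can also be enforced on the server. The sketch below is an added example, not DHIS2 code: the class name, the failure threshold, the lockout length and the "Invalid 2FA code" message are assumptions, and only the 30-second value and the "Too many failed attempts" message come from this page.

```javascript
// Added example, not DHIS2 code: server-side throttle for the email 2FA step.
const RESEND_COOLDOWN_MS = 30_000; // from the page: 30-second wait on Resend Code
const MAX_FAILED_ATTEMPTS = 5;     // assumption: the page gives no number
const LOCKOUT_MS = 60_000;         // assumption: the page only says "brief"

class TwoFactorThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;         // injectable clock so the logic can be tested
    this.state = new Map(); // username -> { lastSent, failures, lockedUntil }
  }

  entry(user) {
    if (!this.state.has(user)) {
      this.state.set(user, { lastSent: null, failures: 0, lockedUntil: 0 });
    }
    return this.state.get(user);
  }

  locked(e, t) {
    return { ok: false, reason: "Too many failed attempts", retryInMs: e.lockedUntil - t };
  }

  // Handles the first send and every Resend Code request.
  requestCode(user) {
    const e = this.entry(user), t = this.now();
    if (t < e.lockedUntil) return this.locked(e, t);
    const wait = e.lastSent === null ? 0 : RESEND_COOLDOWN_MS - (t - e.lastSent);
    if (wait > 0) return { ok: false, reason: "Resend cooldown", retryInMs: wait };
    e.lastSent = t;
    return { ok: true };
  }

  // codeWasCorrect: result of comparing the submitted code with the issued one.
  recordAttempt(user, codeWasCorrect) {
    const e = this.entry(user), t = this.now();
    if (t < e.lockedUntil) return this.locked(e, t); // even a correct code waits
    if (codeWasCorrect) { e.failures = 0; return { ok: true }; }
    e.failures += 1;
    if (e.failures >= MAX_FAILED_ATTEMPTS) {
      e.failures = 0;
      e.lockedUntil = t + LOCKOUT_MS;
      return this.locked(e, t);
    }
    return { ok: false, reason: "Invalid 2FA code" }; // constructed message
  }
}
```

A disabled button only limits the login form itself; a check of this kind is what limits requests that reach the server by any other route.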
Note:
The system determines whether you are using TOTP or email-based 2FA based on your settings. This decides which type of verification you need to complete.