Synapse Docs
Synapse Docs
Breadcrumbs

Managing Your Account

This page describes how to create, access, and manage your Synapse account, including authentication, account recovery, and security best practices.

Anyone can browse public content on Synapse, but you need an account to download and/or add content. To create an account, you must be over the age of 18 and have an email address. Synapse will send an email verification message to complete registration.

Some actions in Synapse require additional steps, such as certification or validation. See Synapse user account types to learn which account type you need.

Creating a Synapse Account

You can create a Synapse account in one of the following ways:

All Synapse accounts require two-factor authentication (2FA) to complete registration and log in.

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security by requiring a time-based one-time password (TOTP) in addition to your login password.

After you verify your email address, you will need to set up 2FA:

  1. Scan the displayed QR code using a TOTP authenticator

  2. Enter the 6-digit code to confirm

  3. Save your backup codes (see below)

2FA is required for all Synapse accounts.

Supported 2FA Methods

Synapse supports TOTP-based authenticators, such as Authy, Duo mobile, Google, or Microsoft authenticators. SMS-based authentication is not supported.

You may use:

  • Mobile authenticator apps

  • Desktop applications

  • Browser-based authenticator extensions

A smartphone is not required.

Using Synapse Without a Phone

Some users do not have access to a smartphone or prefer not to install authenticator apps on mobile devices. Synapse supports desktop and browser-based TOTP authenticators that allow full account access without a phone.

The following authenticators work on Windows, macOS, and Linux:

  • Authenticator (free and open-source)

    • Note: Authenticator stores codes locally on your browser profile. If your browser is uninstalled or your computer is lost, you will lose access unless you have backup codes.

  • Bitwarden (subscription required)

  • LastPass (free)

  • 1Password (subscription required)


Backup Codes

After 2FA is set up, Synapse generates one-time backup codes. Store them in a secure place separate from your authenticator.


2FA Recovery

If you lost your authenticator but still have backup codes

Use a backup code at login, then reconfigure your authenticator after you regain access. (Backup codes are intended for exactly this scenario.)

If you lost both your authenticator and your backup codes

  1. Log in to https://accounts.synapse.org by entering your password or completing the OAuth flow

  2. Select “Lost access to your codes?”

  3. Follow the prompts to send a reset email to the address associated with your account

Managing your profile

Visit your user profile (click the letter icon or photo in the bottom-left and select View Profile). From there, select Edit Profile to:

  • Change your Synapse username, email, or password

  • Add/edit your first and last name

  • Add/edit additional information (affiliation, title, etc.)

  • Upload a profile picture

  • Add a brief biography


Account settings

Open Account Settings (letter icon or photo → Account Settings) to manage additional preferences and features, including:

  • Email Addresses

  • Change Password

  • Date/Time Format

  • Trust & Credentials

  • Two-factor Authentication (2FA)

  • Personal Access Tokens (PATs)

  • OAuth Clients

  • Privacy Preferences

Password safety note: Do not reuse passwords from other sites. Use a unique password and a secure password manager.


Email addresses and notifications

Add additional email addresses

Your Synapse account can have multiple email addresses. Each time you add a new email, Synapse sends a confirmation link to verify ownership.

Add a Google email address to enable “Sign in with Google” (SSO)

Synapse supports Google Single Sign On (OAuth 2.0). If you’re already signed in to Google in your browser, you can sign in without entering a Synapse password once your Google email is connected.

To enable this, create your Synapse account using your Google email, or add your Google email as a secondary email in Account Settings → Email Addresses

After adding the Google email:

  1. Sign out of Synapse

  2. Sign back in using Sign in with Google on the Synapse login page


Synapse email alias and notifications

Synapse creates an email alias for you: <your username>@synapse.org.

Synapse uses this alias as a relay to send/receive messages while keeping your registered email private.

Rules to know:

  • To email <someone>@synapse.org, you must send from an email address registered on your Synapse account; otherwise, the message will bounce.

  • Synapse forwards your message to the recipient’s registered email and replaces your address with your Synapse alias.

  • Synapse sends platform notifications (e.g., @mentions) to the single email you have set as your primary email (manage in Account Settings).

Logging in programmatically

Personal Access Tokens (PATs)

You can log in to the Synapse command linePython, or R clients using a personal access token instead of a username and password. Tokens are recommended because they can be revoked and scoped.

Protect your tokens - Never hardcode tokens into code. Use environment variables or secure storage.

To create/manage PATs:

  1. Go to Account Settings

  2. Scroll to Personal Access Tokens

  3. Click Manage Personal Access Tokens to view existing tokens or select Create New Token

Where entering a 2FA code isn’t possible (e.g., automated jobs), PATs are the recommended approach because they do not prompt for interactive 2FA entry.

Deactivated Accounts

In order to meet compliance requirements, accounts are automatically deactivated after a 370-day period of latency. Accounts can also be deactivated by the Sage Admin team if suspected misuse, violation of Terms of Service, or Synapse Pledge is detected.

Reactivating Accounts

Deactivated accounts can only be reactivated by Sage. File a ticket with our Service Desk if you need assistance with your account.

Deleting Your Account

:warning:

Account Deletion is Permanent

Sage Bionetworks is committed to honoring your privacy rights under applicable regulations, including the GDPR Right to Erasure (Right to Be Forgotten). If you wish to stop using Synapse, you can request account deletion by contacting us through our virtual help desk. Upon deletion, your account will be disabled and you will no longer be able to log in.

Your personal identifying information — such as your name, email address, and profile details — will be removed from your account record and replaced with anonymized data. Please be aware that all of your public activities will remain publicly viewable, and all of your activities within private projects remain viewable to the people within that project Synapse, as these activity records are necessary to preserve the scientific integrity and audit trail of the research data hosted on the platform. For GDPR-related inquiries, including Data Subject Access Requests, you may also contact Sage Bionetworks' Privacy Officer at privacyofficer@sagebionetworks.org..