Support

Two-Factor Authentication

Two-Factor Authentication

Our Two-Factor authentication works with Google AuthenticatorAuthyDuo and other similar One Time Password (OTP) apps – it’s up to you to pick one that suits you the best.

Log in to playsignage.com with Google Authenticator  Log in to playsignage.com with Duo  Log in to playsignage.com with Authy

To add Two-Factor authentication you need to be logged in to your account.

Profile menu for users

In the lower left corner, click your profile name and then Profile

Enable 2FA on playsignage.com

Then, before moving forward, download one of the two-factor apps on your smartphone. Once downloaded click Enable Two-Factor Authentication.

Enable 2FA on playsignage.com by scanning QR code

Using the app you just downloaded, scan the displayed QR code, this will create the code you need. Insert the code, click Submit and you’re good to go.

Having done this, the system will ask for a code every time you log in, no matter if you’re using Facebook, Google or email and password.

Disable Two-Factor Authentication

To disable Two-Factor authentication you need to be logged in to your account. Same procedure as when enabling.

Disable 2FA

 

Two-Factor Authentication

Okta Authentication with OpenID Connect

Play Digital Signage users may use Okta Authentication to manage access and login to their teams with help of Play Digital Signage OIDC app available in Okta Integration Network (OIN).

1. Install Play Digital Signage OIDC app

Search OIN for Play Digital Signage app and install it.

2. Assign Users

Assign users or groups that should be able to login to your Play Digital Signage team using tile in Okta applications page.

3. Setup your Play Digital Signage team with Okta

Go to Sign On section of Play Digital Signage Okta app settings and note down the client ID and client secret.

Now navigate to team page (https://my.playsignage.com/manage/team) of your Play Digital Signage account and find “Setup Okta Authentication” button. Before clicking the button make sure you are the owner of the team and there are no other users but you in your team. Once you’ve done that, go ahead and click the “Setup Okta Authentication” button and fill in your Okta organization url E.g. https://my-org.okta.com ,  your client ID and client secret. Having done that, go ahead and click “Setup” button.

WARNING: once you setup your Play Digital Signage team with Okta authentication, you will no longer be able to access the team with your original user. If you would like to reverse this, please contact [email protected] or use live chat to get in touch with our staff.

4. Login to your team using Okta

Now that your Play Digital Signage team is setup with Okta authentication, you can go ahead and login to your team using Play Digital Signage tile in your Okta dashboard.

NOTE: the first Okta user that logs in to the team after setting up Okta authentication will become team owner. You may transfer the ownership or change roles of the users later on, by going to your Play Digital Signage team page (https://my.playsignage.com/manage/team).

Application security & protocols

Application security & protocols

In Play Digital Signage, we take security of your data very seriously. This page gives a brief summary of the security procedures at Play Digital Signage

How is my web account secured?

Your passwords are stored in our database encrypted using top of the line Argon2 password hashing algorithm. This way, your passwords are not known to our staff and will not be compromised in the unlikely event of a data breach. Your login sessions are facilitated using Secure HTTPS-only cookies to eliminate the risk of eavesdropper stealing them by intercepting your connections.

When you register (or change password), we will go the extra mile to check your password against a public database of leaked passwords to ensure that you’re not using an insecure password. Your password does not leave our servers during the check, we use K-anonymity protocol to check the password at a trusted service HaveIBeenPwned.

Your web chat is managed by crisp.chat, yet another security conscious company, you can find their practices described in detail.

Additionally:

  • All the communications between your device and browser are protected using SSL and DNSSEC.
  • We backup your data multiple times a day.
  • We use CloudFlare to detect and mitigate hacker attacks.
  • We support Two-Factor Authentication.
  • All the communication between our servers is encrypted and done over private networks.

Read more:

How secure are communications?

All connections to our servers are HTTPS, that means that the traffic is encrypted, that includes web-socket connections. We have disabled SSLv3 and use TLS exclusively.

The Internet traffic is routed through Cloudflare network, which protects our servers against Denial Of Service (DoS) and brute force attacks.

Read more:

How are my files secured?

Your files are hosted on Digital Ocean Spaces service, either in Paris or San Fransisco data-center depending on your location. While we can not make the files private, because the players need to be able to download the files from the Internet, we generate a unique id for each file, so the URL is virtually impossible to guess. For an example this is the URL of an uploaded file:

https://eu-storage.playsignage.com/aac73f17-380c-40c2-a869-e23b261bcd62/05e2b56f-13b3-44c2-b344-7690def51b67/05e2b56f-13b3-44c2-b344-7690def51b67.png

An attacker has better chances of guessing your password! (so make sure it’s secure)

Sensitive files?

If your files can not be stored on the public web due to company policy or any other reason, it’s also possible to reference files from a private file server, read more on private files.

How are players secured?

When a player is linked to a user account, the server generates a unique secret token that is sent to the player once. Every subsequent request made by the player to our servers requires the token to be present in order to prevent malicious attacker from impersonating as the player itself. The weakest link is the physical player security, so make sure it’s out of sight and if possible, then out of reach!

Read more:

Where is my credit card information stored?

We use Stripe as our payment gateway and they take care of storing your information securely. Stripe is PCI Data Security Standard certified company. When you link a credit card with your account, your credit card numbers are sent to Stripe servers directly from your browser, our system does not store or process your credit card information.

Read more:

Which external services the players connect to?

In case the player is behind a corporate firewall, you need to white-list following domains (port 443):

  • playsignage.com
  • We recommend whitelisting all subdomains of *.playsignage.com to be future-proof. If wildcard white-listing is not possible, then the player may also use following sub-domains:
    • stream.playsignage.com OR us-stream.playsignage.com (WebSocket connection)
    • release.playsignage.com (only for Windows / OSX / Linux players to auto-update)
    • eu-storage.playsignage.com OR us-storage.playsignage.com (File storage)
    • quotes.playsignage.com (Quote plugin is using this endpoint to fetch quotes)
    • onthisday.playsignage.com (Today In History plugin is using this endpoint to fetch data)
    • proxy.playsignage.com (Weather, Facebook and Instagram plugin use this domain)
    • my.playsignage.com (Location of proxy used to fetch insecure non-HTTPS web resources)
    • logging.playsignage.com (Optional, for us to receive player logs and help us debug issues)
    • analytics.playsignage.com (Optional, if you want to use analytics functionality)
  • Some plugins communicate with external systems:
    • images.unsplash.com (When using images from Unsplash integration plugin)
    • player.vimeo.com (When using videos from Pixabay integration plugin)
    • media1.giphy.com, media2.giphy.com, media3.giphy.com, media4.giphy.com (When using GIFs from Giphy integration plugin)

FAQ

I don’t remember if I created a log in using a social account?

If you created your account using your Facebook account you should keep on using this, but in case you’ve forgotten and you create a new log in using for example username and password we link both logins to the same account. This way it does not matter if you log in using Facebook or username and password, cause it’s one and same account you’re accessing.

If you can’t log in please use the “Forgot password”. If you have questions contact us via our Live Chat or at [email protected]

How do you know that my password is compromised?

Upon every successful login, we use k-anonymity protocol to securely check your password against online database of compromised passwords – Pwned Passwords . Our system will notify you if your password has been a part of one or more data breaches in the past and ask you to change it to keep your account secure.

IMPORTANT: all the passwords in our database are encrypted (hashed) using top of the line Argon2 algorithm and nobody but you knows what your actual password is.

How to sign in if I lost my Two-Factor Authentication device?

If you have lost the device on which you had your authenticator app, and you cannot recover the authentication profiles, please write to [email protected].

Get our newsletter!