Sign in to Incident Response using Single Sign-on, OAuth, or multi-factor authentication

Access Incident Response features and functionalities using Single sign-on (SSO), OAuth identity or multi-factor authentication (MFA).

Before you begin

Note: To use Sign in with Google, see Sign in to Incident Response using your Google account.

Role required: Responder, Manager, or Administrator

Procedure

Navigate to https://<subdomain>.airapp.lightstep.com.
Note: If you have SSO configured (with SAML or OAuth), use these instructions with your email address. The Sign in with Google button is not enabled for SSO or OAuth accounts.

In the Email field, enter your office email address and select Next.

Option	Action
If you have single sign-on (SSO) or OAuth identity authentication enabled	You are redirected to your Identity Provider to continue the sign-in process.
If you do not have single sign-on (SSO) enabled	Incident Response accounts can require multi-factor authentication. Note: MFA must be enabled on an account prior to setting it up. See Enable multi-factor authentication. Once MFA is enabled, the first time you sign-on to Incident Response, you are asked to setup multi-factor authentication (MFA). For configuration see, Set up multi-factor authentication. Perform the following steps to sign-on: In the Password field, enter the password and select Log in. Open the authenticator on your mobile device or browser extension for the 6-digit code. This code refreshes every 30 seconds. For information on authenticators on your mobile device, see Set up multi-factor authentication. In the Enter 6-digit verification code field, enter the code generated by the authenticator app. (Optional) Select Do not challenge for MFA on this browser for the next 8 hours to skip the authenticator when you log in during the next 8 hours. Select Log in. You are directed to the Incident Response Home page. Note: If you do not have your mobile or cannot access your 6-digit verification code, select the link in the following message that appears on top of the screen: A code will be sent to your email. You can use the code to login. The code is valid only for one session.

Option

Action

If you have single sign-on (SSO) or OAuth identity authentication enabled

You are redirected to your Identity Provider to continue the sign-in process.

If you do not have single sign-on (SSO) enabled

Incident Response accounts can require multi-factor authentication.

Note: MFA must be enabled on an account prior to setting it up. See Enable multi-factor authentication.

Once MFA is enabled, the first time you sign-on to Incident Response, you are asked to setup multi-factor authentication (MFA). For configuration see, Set up multi-factor authentication.

Perform the following steps to sign-on:

In the Password field, enter the password and select Log in.
Open the authenticator on your mobile device or browser extension for the 6-digit code. This code refreshes every 30 seconds. For information on authenticators on your mobile device, see Set up multi-factor authentication.
In the Enter 6-digit verification code field, enter the code generated by the authenticator app.
(Optional) Select Do not challenge for MFA on this browser for the next 8 hours to skip the authenticator when you log in during the next 8 hours.
Select Log in.
You are directed to the Incident Response Home page.

Note: If you do not have your mobile or cannot access your 6-digit verification code, select the link in the following message that appears on top of the screen:

A code will be sent to your email. You can use the code to login. The code is valid only for one session.

Note: If you have trouble logging in, contact support using the chat icon (