In order to use balena and deploy code to devices you will need a balena account.
If you don't already have an account head over to our signup page. You can sign up with a GitHub or Google account or via an email address. When you create your account, you will be asked to create a password for the account. Your password needs to be at least 8 characters long.
If you forget your password, you may request to reset it via the password reset page. Enter the email address associated with your balenaCloud account. If the email address has an associated account, a password reset link will be sent to that address. Following the link, you will be able to enter a new password.
Add a password to social login
To add a password to an account created with a social login (Google, Github), navigate to the Preferences page found by clicking on your profile in the top right of the dashboard. Under the Account details tab you can set a password for your account.
Access tokens are used for authentication in the balena API, CLI, and Node.js and Python SDKs. They are managed in the Access tokens tab of the Preferences page, which can be found via the dropdown menu in the upper-right corner of the dashboard:
There are two types of access tokens: session tokens and API keys. Both authentication types provide user-level permissions, meaning any user or application with one of these tokens can make changes across devices, fleets, and the user account.
Session tokens are retrieved from the Preferences page, and they can be refreshed with the API. These tokens expire after seven days, and they cannot be revoked.
API keys are named tokens that do not expire and can be revoked as needed. To create a new API key, make sure you are in the Access tokens tab of the Preferences page, then select Create API key:
You'll see a required field for Token name, as well as an optional field for Token description:
When you click Create token, you will see a dialog with the new API key:
Warning: This is your only opportunity to see the key, so make sure to download or copy to a secure location!
After you close the dialog, you'll see your API key in the list, complete with name, date of creation, and description:
To revoke one or more API keys, select the boxes to the left of the tokens you wish to remove, then click Delete selected:
When a fleet needs to be shared with more than one user, the fleet owner can add new members. With paid accounts, it's possible to assign a level of access for a new member, based on the following types:
|Member Type||Add members||Delete App||Add/Remove device||Manage provisioning keys||Device specific actions||Tags||Variables||SSH access||Push||Configuration||[Fleet specific actions][fleet-actions]|
A new fleet in balenaCloud can only be created by an administrator of an organization. Administrators are the only users who can add other fleet members or delete the fleet. Learn more about the administrator role in an organization.
Observers are given read-only access to the fleet and its devices. They are not able to modify, add, or remove any devices, nor are they able to perform device actions. This role can only be assigned by fleet owners on paid plans.
Operators have all the access given to observers, plus the ability to manage a fleet's devices. This means operators can add and remove devices, generate & revoke provisioning API keys, perform device actions, and modify device tags, metadata, and environment variables. Operators also have full SSH access to the fleet's devices. This role can only be assigned by fleet owners on paid plans.
Developers are given, in addition to the access provided to operators, the ability to manage fleet software. This includes creating new releases, modifying fleet variables, and downloading balenaOS images. This role is the closest to a fleet owner—developers can do everything owners can except for deleting the fleet or adding new members. The Developer role can be assigned by fleet owners on free or paid accounts, and it is the only role available for Starter fleets.
Add a fleet member
To add a new member to your fleet, click on the Members tab of the fleet:
This brings up a list of all fleet members, if any have been assigned. Click on the Add member button in the top left:
The Add member dialog has a dropdown with descriptions of the member types, as well as information about which types are available based on your billing plan. Choose a level of access, then enter the username or email address of the new member:
Note: Fleet members must have already signed up for a balena account before they can be added to a fleet.
After you click Add, you will see the username of the new member in the list. From here, you can edit access levels or remove the user if necessary:
All users that have been added to a fleet will see that fleet in their dashboard, with an indicator to designate it has been shared by the fleet owner:
Fleet members will have the option to remove themselves from a fleet by clicking on the members tab. Selecting their name from the member list, clicking on the Actions tab and selecting delete member.
Warning: If you remove your member access to an fleet, you will not be able to undo the action. Only the fleet owner will be able to restore your access.
We offer the option to enable Two-factor Authentication - this is a feature that prompts you to input a code from your smartphone/computer in addition to your password, providing an additional layer of security for your account.
Note: We use the industry standard Time-based One-time Password Algorithm to implement this functionality.
Enabling Two-factor Authentication
Sign up for an account (or log in if you already have one) and go to your preferences page. From here, click on the Two-factor Authentication tab then click Enable two-factor authentication to enable:
Next, you will be shown a QR code and prompted for a pairing code as shown below:
Note: Two-factor authentication will only be enabled once you have finished configuring it against your smartphone/computer, so no need to worry about logging out before finishing the configuration then not having access to your account!
In order to use your phone/computer as your added layer of security you will need to download a free authenticator app. There are many available, but one that works well and has been successfully tested against balena is Google Authenticator - download it for Android or iOS.
Once installed, navigate to the barcode scanner:
Note: The Android app is shown here - if you already have accounts installed, tap the 3 vertical dots in the top right-hand corner and select 'Set up account', otherwise you should be given the option when you first start the app.
When you tap the option to scan a barcode your phone will turn on your camera and all you need to do to pair with your account is to simply point it at the QR code displayed on your monitor.
Once configured, you'll see a 6 digit generated code with a graphic beside it indicating a countdown. Once the countdown expires, the code becomes invalid:
Next, you'll need to input the displayed code into the 'Pairing code' input on the preferences page. If successful, you will be shown recovery codes that may be used in the event that you cannot access your two-factor authentication app. These codes should be downloaded and stored in a safe place.
Once you've downloaded your recovery codes and clicked OK, the next time you log in, you will be prompted for the code displayed in your authenticator app after you've input your username and password. Enjoy your added layer of security!
To disable two-factor authentication, visit the Two-factor Authentication tab of the Account Preference and click Disable two-factor authentication. You will be prompted for your account password before it is disabled.
List of verified authenticator apps