User Accounts

How to set up user accounts, 2FA and SSO in XTC.

Creating a User Account

To use Xceptance Test Center, you need a user account. You can easily sign up on https://xtc.xceptance.com/. You will be prompted to enter your name, mail address and password. Alternatively, you can sign up using your Google or Microsoft account.

After the successful registration, XTC will send you an email to the given address, asking you to confirm the registration. You will be able to log in to XTC as soon as you confirmed.

Currently, your role and projects will be assigned by Xceptance. This will change in the future.

Notifications

XTC users will get notified by email whenever their membership in a project or organization has changed:

Account Management

XTC enables you to manage your account information. After logging in, click your avatar on the right side of the header and go to My Account.

The My Account view contains two tabs: Profile and Security.

In Profile you may update your profile information such as your first and last name, your phone number (which may be useful for receiving monitoring notifications), and you can also upload an avatar/profile picture.

In Security you can update your login data: to set a new e-mail address or password for your account, you need to enter the new data twice and confirm this with your current password. (If you are using an external provider for authentication and have not set up an additional XTC password for your account, entering the password will not be necessary, and you will only be able to update your account’s e-mail address.)

In addition to securing your account with a regular password, you may set up time-based one-time passwords (TOTP) as a second factor (2FA) here.

External login providers for this account will be listed here and if you want to switch from internal authentication to using an external provider, you can connect your XTC account to an external login provider here.

Organization admins may impose mandatory login requirements on users of their organization. They may require users to be authenticated using specific login providers or 2FA. Read more about this here.

Two-Factor Authentication (2FA)

It is possible to secure your XTC account not only with a regular password, but also with a second factor. Currently, XTC supports time-based one-time passwords (TOTP) as the second factor. Use apps like Twilio Authy or Google Authenticator on your phone to generate such passwords. 2FA is optional at the moment, but we recommend that you set up 2FA for your account right now.

To enable 2FA for your XTC account, go to My Account > Login Data. In the section Two-Factor Authentication, click the button Enable Two-Factor Authentication and follow the instructions to set up your preferred TOTP app on your phone. When this is done and you want to sign in to XTC again, you will first have to enter your regular password as usual, but afterwards you will now be prompted to enter the second factor, a one-time password. Use your TOTP app to generate that one for you.

If you later need to disable 2FA, simply click the button Disable Two-Factor Authentication and confirm with your password and a valid one-time password generated by your TOTP smartphone app (or a valid recovery code).

XTC system administrators are required to have 2FA enabled for their local XTC account.

2FA Recovery Codes

XTC allows you to create new 2FA recovery codes at any time. Use this feature if you lost your recovery codes or used them all up. To create new codes, go to My Account > Security > Two-Factor Authentication, click the button Reset Recovery Codes and follow the instructions. The 2FA setup on your authentication device will not be affected.

External Login Providers (SSO)

XTC supports authenticating users using their Google or Microsoft accounts. This allows users to use their existing Single-Sign-On accounts without having to remember additional login credentials.

Sign Up Using an External Provider

To sign up with your Google or Microsoft account click on the appropriate button in the registration form. This will forward you to your preferred provider to log in.

Registration form with buttons for external login providers

Upon return XTC will continue the signup process by requesting additional information like your full name and email address. After confirming, you will receive a validation email to the given address to complete the signup, before your account can be activated.

Registration details form pre-filled with data from the login provider

Connecting Existing XTC Accounts to an External Login Provider

If you already have an existing XTC account, you can connect it to an external login provider in order to use your existing Single-Sign-On account instead of previously defined XTC login credentials.

  1. Click on your avatar in the top right corner and go to “My Account” > “Security”.

  2. Edit the “Single Sign-On” section by clicking on the pen icon.

  3. Select your preferred login provider via the appropriate button.

    UI to connect existing accounts to external providers. The user in the example is already connected to a Google account. Therefore the Google button is disabled.

    XTC will redirect you to your provider to complete the login process. Upon return your XTC account will be connected to your external provider.

Login Using an External Provider

If your user account is set up to use SSO (see above for how this is done) you can log in using external login providers:

Login form with buttons for external login providers

To log in using either your Google or Microsoft account click on the respective buttons in the login form. This will forward you to your login provider and perform authentication there.

Removing the Binding to an External Login Provider

XTC allows you to remove the binding of your account to an external login provider and go back to authentication by username/password. To do this, your account needs a password first.

To then unbind your SSO account and only use the newly created password for future logins,

  1. Click on your avatar in the top right corner and go to “My Account” > “Security”.
  2. Edit the “Single Sign-On” section by clicking on the pen icon.
  3. Click Remove External Login Provider. You will be prompted to enter your password to confirm this action.
Last modified October 16, 2023