Create an admin account on the Journalist InterfaceΒΆ

In order for any user (administrator or journalist) to access the Journalist Interface, they need:

  1. The auth-cookie for the Journalist Interface’s ATHS
  2. An account on the Journalist Interface, which requires the following credentials to log in:
    • Username
    • Password
    • Two-factor authentication code

You should create a separate account on the Journalist Interface for each user who needs access. This makes it easy to enable or disable access to the Journalist Interface on an individual basis, so you can grant access to new users or revoke access for users who have left the organization or should no longer be allowed to access the Journalist Interface.

There are two types of accounts on the Journalist Interface: admin accounts and normal accounts. Admins accounts are like normal accounts, but they are additionally allowed to manage (add, change, delete) other user accounts through the web interface.

You must create the first admin account on the Journalist Interface by running a command on the Application Server. After that, the Journalist Interface admin can create additional accounts through the web interface.

To create the first admin account, SSH to the Application Server, then:

sudo su
cd /var/www/securedrop
./manage.py add-admin

Follow the prompts.

A secure diceware passphrase will be generated by manage.py. You will see output like this:

This journalist's password is: delivery propose requisite stunner dragonfly unstamped stowaway

Passphrases include the spaces between the words, but not leading or trailing whitespace. Be sure to save this passphrase in the appropriate KeePassX database.

Once that’s done, you should open the Tor Browser TorBrowser and navigate to the Journalist Interface’s .onion address. Verify that you can log in to the Journalist Interface with the admin account you just created.

For adding more user accounts, please refer now to our Admin Interface Guide.