There are two main ways to login to your workspaces.

Roughly said, to workspaces with a Web User Interface the preferred way of logging in is Time-Based One Time Password (TOTP), which also implicates two factor authentication.

On the other hand, Workspaces with a Command Line Interface can be accessed via SSH.


When following along with one of these step-by-step guides, make sure that you have a running workspace (see How to get on board).

Workspace Access to Jupyter Notebooks through SRAM

To log in to a Jupyter Notebook workspace you can just use the same credentials as you use for the Research Cloud portal.

Most probably these are your institute's credentials - or EduID.

Workspace Access with TOTP

Preinstalled services like web access (e.g. R-studio, Jupyter Notebook) or other login services (Windows, Ubuntu Desktop) that require a username and password can be accessed by using a "time-based one time password" (TOTP).

On the "Profile" tab of the Research Cloud portal you can review your username:

Click on the three stacked dots ("ellipse") in the upper right of the profile display card.

Select "Reset Time based password" and scan the displayed QR code with an authentication app on your smartphone.

(Google Authenticator or Authy work fine.)

Now your smartphone app will provide you with a temporary number code that you can fill in in the workspace's login screen.

Go to your workspaces overview on your Research Cloud Dashboard page and select a workspace with a web interface (like R-Studio, Jupyter Notebook etc.).

Extend the workspace-display by clicking on the downward arrow on the right.

Then, on the lower right, click on the "ACCESS" button.

In a new browser tab, you will be presented with a login dialog (example is for a R-Studio workspace):

The username is the username that is given on your "Profile" tab in the Research Cloud portal.

The password is generated by your smartphone's authentication app.

That way, you can access your workspace through your browser.

Accessing a Windows workspace

Accessing a Windows workspace follows the same pattern as the other applications using TOTP.

The only other thing that is required is a Remote Desktop Protocol (rdp) client on your local computer.

  • If your local computer is running Windows, you already have one built-in (look for "rdp").
  • On a Mac, you can install "Microsoft Remote Desktop".
  • For Linux, several applications can be installed - e.g. "Remmina".

If the access button does not work directly, just copy/paste the workspace's ip address into the rdp client and it should work. While adding a workspace to the RDP client always choose to put your username in the options. This forces the RDP client to use our custom windows credential provider. This credential provider allows you to login with your Research Cloud username and the TOTP password. That way, the procedure is the same as the login with TOTP that is described above. 

For standard catalog items the basic access doesn't give administrator rights. Please add users who need administrator rights to the "src_co_admin" group of the Collaborative Organisation in SURF Research Access Management as described here: Flag a CO-member as SRC administrator.

For more explanation about these steps please watch this video that demos the login procedure to a Windows workspace: Windows login [4:14]

Authentication from a local Windows computer

Some users with local Windows computers use the Authy desktop application to log in with TOTP.

With Authy, you probably don't see the code that has to be filled in for authentication.

In this case consider to use the open source WinAuth application where right-clicking the displayed QR code suffices:

To couple the Authy Desktop app, paste the image link into the form there and click "verify authenticator":

TOTP and sudo/administrator access

Windows-, and some Linux-workspaces are configured such that only members of the src_co_admin group can get administrator or sudo access.

When you are prompted for your password to use your administrator/sudo rights, you fill in the TOTP password that is generated by your authenticator app.

Workspace access with SSH

SSH access is needed if your workspace has no desktop or web-interface. Or if you want to use the scp command to upload and download data to and from your workspace.

You will need a private/public key-pair to use ssh.

A private/public key-pair is created on your local computer an allows you to identify that device to other services and devices.

The private key will always stay on your device, the public key can be put on other devices to prove the identity of your local device.

If you are using more than one local device, you create one key-pair for each device. You can submit multiple public keys for ResearchCloud. ResearchCloud automatically copies your public key to any workspace you are entitled to log in to.

At least one portal-login required

Any user of the collaboration is entitled to log in to a workspace.

However, users must have logged in to the Research Cloud portal at least once.

( )

Otherwise their public key will not be present on the machine.

We will explain these three steps that will get you logged in:

  1. Create a private/public key-pair on your local computer - if you don't have one, yet. This is a one-time action.
  2. Add the public key into SRAM. (You only have to do that once, too.)
    This will set your public key into your profile.
  3. Access the workspace with SSH.
    Use your favourite/available own SSH client to connect to your workspace.

1. Create a private/public key-pair

When creating your private/public key-pair, it does not matter much which OS your local computer is running.

If you choose the right terminal-application:

Linux and Mac

When you are working from a Linux machine, the SSH commands are already installed and ready to be used from a terminal.

On a Mac the SSH command is also available by default.

Windows 10 or Windows Server 2019

If your local computer runs Windows 10 or Windows Server 2019, SSH is supported, too.

Use a Powershell terminal to issue ssh commands.

You can generate a private/public keypair with:


Just use all the defaults by hitting enter directly, or do enter a passphrase if you wish.

To find the public key file, check the screen output of this command.

The location of the *.pub file is given there.

Use the RSA format

We advise you to use a key-pair of the RSA format. If you have a key of a different format, you can create another one that is based on RSA.

Most key generators use RSA as the default format.

When the text of your public key starts with "ssh-rsa" your key-pair is in the RSA format.

2. Add public key in SRAM. (only has to be done once for a key)

To SSH login to your workspace you have to add your public SSH key into you account. It needs to be added to the SRAM authentication website.

  1. Open the SRAM page :
  2. In the top right click on the "Login" button to login.
  3. Enter your mail address to be redirected to your SSO login page. (Depending on your institute and identity provider this page can be different for different users)
  4. When you are logged in, click on the downward arrow next to your name in the top right of the page. Select the "Profile" menu item.
  5. In the SSH public key field, you can enter your public key from your local public key file. We recommend to use the file upload button for this in order to prevent copy-paste errors. (See the illustration below.)
  6. Click the "Update" button at the bottom of the page.
  7. The update of the public key can take up to 5 min to take effect in Research Cloud.

Putting your private key in your SRAM-profile

Access the workspace with your SSH-client

There are several ssh clients to access your workspace and you can use the one you like as long as it supports public keys.

As soon as you generate a new key-pair on your local computer using the same name, the public key that you have submitted here and your local key will not match, anymore. Make sure that you update the public key when the key on your local computer has changed.

3. Log in with ssh

In your terminal application (or Powershell window) type:

ssh <ResearchCloud username>@<workspace ip address>

The ResearchCloud username is given on the "Profile"-Tab of the ResearchCloud portal page.

The ip-address of the workspace is displayed on the (extendable) display tile of the workspace in the main ("Dashboard") tab.

More info on ssh on Windows

If you want to read more on ssh on Windows you can check here:

You only have to install and configure the SSH client.

(In the case of Research Cloud, the "server" is the workspace you will log in to and SSH is already installed, there.)

Workspace access with SRAM

SURF Research Access Management (SRAM) is a service to manage access to research resources, intended for Dutch led research collaborations.

Jupyter Notebook workspaces that are created after 18st of January 2024 can be accessed using SRAM.

To access a workspace based on SRAM authentication select your institute (or EduID) and follow the instructions on the screen.

Older Jupyter Notebook workspaces or earlier derivates of the Jupyter Notebook catalog item still require TOTP. (See above for TOTP)

You can add SRAM authentication to your own custom-made catalog item. For that, see the page Catalog item with SRAM login.