This article explains how to enable two-factor authentication (2FA) in Personio for specific employee roles, and how employees can set it up in their mobile device.
If two-factor authentication is enabled for an employee role, all employees assigned to that role must, in addition to their email address and password (knowledge, first factor), enter a token generated on their mobile device (possession, second factor) when they log in.
Enable two-factor authentication in Personio
To better protect the data you have stored in Personio, you can enable two-factor authentication for any employee role in Personio. Follow these steps:
- Go to Settings > People > Employee Roles.
- Select a specific role and go to the Security tab.
- Tick the checkbox next to Enable two-factor authentication.
It is not possible to enable two-factor authentication for the role "All employees".
Set up two-factor authentication on your mobile device
We recommend using Google Authenticator for two-factor authentication, but you can use any other authenticator app.
Employees need to follow these steps to successfully set up two-factor authentication:
- Download the authenticator app of your choice to your mobile device.
- Open the app.
- Go to Personio at "companyname.personio.com/login" and log in with your email address and password.
A barcode will then be generated. In the app, select Scan barcode and point your camera at the barcode on the computer screen.
- Enter the token that was generated in the authenticator app.
This activates two-factor authentication on your device.
Learn how to move Google Authenticator to a new device.