This article explains how to enable two-factor authentication (2FA) in Personio for specific employee roles, and how employees can set it up in their mobile device.

If two-factor authentication is enabled for an employee role, all employees assigned to that role must, in addition to their email address and password (knowledge, first factor), enter a token generated on their mobile device (possession, second factor) when they log in.

Enable two-factor authentication in Personio

To better protect the data you have stored in Personio, you can enable two-factor authentication for any employee role in Personio. Follow these steps:

1. Go to Settings > People > Employee Roles.
2. Select a specific role and go to the Security tab.
3. Tick the checkbox next to Enable two-factor authentication.

Note
It is not possible to enable two-factor authentication for the role "All employees".

Set up two-factor authentication on your mobile device

Tip
We recommend using Google Authenticator for two-factor authentication, but you can use any other authenticator app.

Employees need to follow these steps to successfully set up two-factor authentication:

1. Download the authenticator app of your choice to your mobile device.
2. Open the app.
3. Go to Personio at "companyname.personio.com/login" and log in with your email address and password.
   
   

   

4. A barcode will then be generated. In the app, select Scan barcode and point your camera at the barcode on the computer screen.

5. Enter the token that was generated in the authenticator app.
   

This activates two-factor authentication on your device.

Tip
Learn how to move Google Authenticator to a new device.