Enable Two-Factor Authentication for Specific Employee Roles

To best protect the data you have stored in Personio from unauthorized access, you can enable 2-factor authentication for any employee role via Settings > People > Employee Roles by choosing a specific role and clicking on Security.

Note If 2-factor authentication is enabled for an employee role, all employees assigned to that role must, in addition to their email address and password (knowledge, 1st factor), enter a token generated on their mobile device (possession, 2nd factor) when they log in.

Your employees need to follow these steps to successfully enable 2-factor authentication:

1. Download the Google Authenticator app to your cellphone.
2. Open the app.
3. Go to Personio at domainname.personio.com/login and log in with your email address and password.
   
   

4. A barcode will then be generated. In the app, select Scan barcode and point your camera at the barcode on the computer screen.

5. Then enter the token that was generated in the Google Authenticator app.
   

This activates your device and enables 2-factor authentication.

Tip If you want to move the Google Authenticator app to a new device, you will find all of the necessary information here.