Enabling Two-Factor Authentication for Specific Employee Roles


To best protect the data you have stored in Personio from unauthorized access, you can enable 2-factor authentication for any employee role via Settings > Employee roles > Security.


If 2-factor authentication is enabled for an employee role, all employees assigned to that role must, in addition to their email address and password (knowledge, 1st factor), enter a token generated on their mobile device (possession, 2nd factor) when they log in.


Enabling 2-Factor Authentication

Your employees need to follow these steps to successfully enable 2-factor authentication:

    1. Download the Google Authenticator app to your cellphone.
    2. Open the app.
    3. Go to Personio at domainname.personio.com/login and log in with your email address and password.

    4. A barcode will then be generated. In the app, select Scan barcode and point your camera at the barcode on the computer screen.

    5. Then enter the token that was generated in the Google Authenticator app.


This activates your device and enables 2-factor authentication.

If you want to move the Google Authenticator app to a new device, you will find all of the necessary information here.


Can't find what you're looking for?

We are happy to help you! Just write us a message with your questions and we will get back to you as soon as possible.

Submit a request



Article is closed for comments.

    Topics of this article