We are enhancing the Personio platform!
These improvements are aimed at providing a smoother and more secure experience. As part of our commitment to enhancing user experience, these updates focus on improving access and usability for all users.
Note:
If employees use a password manager to log in, they might need to update the Personio URL. Changes to the login system might stop the password manager from recognizing the login page. We recommend adding the new URL (login.personio.com) alongside the original URL (hostname.personio.de) to make sure the password manager continues to work during the migration period.
When? | What? |
---|---|
January 2025 | Updates for Google SSO users: |
March 2025 | Updates for other SSO users: |
March 2025 | Migration period from .de to .com. |
Q2 2025 | Updates for OAuth not enforced and email/password users: |
Migration to Personio's .com domain
Personio is migrating its primary web domains from .de to .com. Users can continue to access their Personio accounts with .de and will be redirected automatically to the new web addresses. Email domains used for Personio's customer communication will also be updated with automatic redirection. There is no impact on customers' existing integrations or on customer data storage.
Improved authentication process
We are improving our authentication process to provide a more flexible and secure login experience without compromising usability.
During this transition, we will introduce a comprehensive overhaul of authentication settings. We will also add new functionalities, further optimizing your login experience. We've designed these enhancements to make the process more intuitive and secure.
What this means for you
- Improved user interface: Expect a modernized design that makes navigation more straightforward.
- Enhanced security: We continue our commitment to securing your login information with state-of-the-art technologies.
- Seamless experience: We will implement changes to minimize disruption.
Google SSO
In January 2025, Google SSO users will notice improvements to their login interface. The process will redirect from domain.personio.de to login.personio.de, ensuring a streamlined login experience. The login page will feature slight design enhancements to improve usability. The language will adjust to match the user's browser settings based on the available language options. Administrators will temporarily be unable to change the authentication configuration, as this process will move offline for improved security. For any changes during this period, please contact support or your Customer Success Manager (CSM) or Account Manager.
OAuth SSO enforced
From February 2025, customers using their own SSO systems through OAuth will experience similar user interface improvements to Google SSO users. There will be significant updates to the settings page to support new integration features and processes. The login and OAuth configuration pages will also receive visual updates. Administrators will temporarily be unable to change the authentication configuration, as this process will move offline for improved security. For any changes during this period, please contact support or your Customer Success Manager (CSM) or Account Manager.
Update authentication configuration
- Keep your existing Callback URI in your OAuth provider settings.
- You also need to add the following Callback URLs to your OAuth provider settings. The settings field usually has the name "Redirect URI" or "Allowed Callback URLs."
- Include the issuer and JWKs URI fields in your authentication configuration.
OAuth not enforced and email/password
For users with OAuth not enforced and email/password logins, we are planning updates for early 2025. These changes will focus on enhancing the login experience. We will communicate the details once we finalize them. Our goal is to streamline the process while maintaining high security standards.
Update authentication configuration
- Keep your existing Callback URI in your OAuth provider settings.
- You also need to add the following Callback URLs to your OAuth provider settings. The settings field usually has the name "Redirect URI" or "Allowed Callback URLs."
- Include the issuer and JWKs URI fields in your authentication configuration.
Impact on mobile app users
The migration to Auth0 will impact the Personio mobile app, requiring users to log in again. As part of implementing a new, faster, and more secure authentication method, we will temporarily sign out users to update access tokens. The new system will make logging in quicker and more secure than before. We appreciate your patience during this transition.
Email/password login
For users who log in with an email and password, we are introducing several updates to enhance security and usability. These include improvements to the login process, such as clearer error messages and better handling of session timeouts. Additionally, we are redesigning system-generated emails with a modern look and support for themes.
Passwords
Passwords will require at least 10 characters for enhanced security. The "Forgot Password" process will include clearer confirmation screens, and enforced password resets (every 90 days) will happen directly during login instead of on the Manage Account page. Employees will no longer be able to set a new password through the Manage Account page and must request a reset link through email.
Two-factor authentication (2FA)
We’ve updated the 2FA interface to make it more user-friendly, including better guidance for troubleshooting QR code scanning issues. Users can now choose to receive authentication codes through email as a backup option instead of using an authenticator app.
Login security measures
After entering the wrong password three times, users will be able to reset their password by clicking "Forgot Password" or unlock their account using a link sent to their email. If there are multiple failed login attempts from the same IP address, the IP will be blocked. Customers will need to contact support to have it unblocked.