2-Step Authentication provides an additional authentication layer to ensure only you can access your OneSignal account.

In addition to your email address and password or OAuth, 2-Step Authentication requires you to install an authenticator app such as the Google Authenticator App or Authy on your personal mobile device. When you login to OneSignal, you will be prompted for a verification code generated by the authenticator app to access your OneSignal account.

Enable 2-Step Authentication

Login or sign up on onesignal.com with your email address and password or with your OAuth provider. If you already setup 2-Step Authentication, use the recovery codes to login.

Head to https://onesignal.com/profile or click the bottom-left Icon > Account & API Keys.

Under 2-Step Authentication click Enable or Reconfigure if setup previously.

Setup 2-Step Authentication

Step 1. Download Authenticator App

Download an authenticator app on your personal mobile device. Here are some common options, but any authenticator app will work:

• Google Authenticator App for Android or iOS
• Microsoft Authenticator App for Android or iOS

Step 2. Setup Authenticator App

Within the authenticator app, you should have options to either scan the QR code or enter the Secret Key displayed on OneSignal set up screen.

If you need to enter the secret key (aka setup key), click the "+" or "Add" or "Enter a setup key" button on the Auth App.

In the Auth app, enter your account as "OneSignal_[EMAIL_ADDRESS]" or whatever helps you remember that this is for OneSignal and the specific email. Input the code that we have sent you.

Your setup should be successful and you can use the 6 digits generated by the app for the 2FA login.

Step 3. Login to OneSignal

On the OneSignal dashboard, enter the six-digit verification code from the authenticator app. If the six-digit code doesn't work, wait 30 seconds for the new one to generate and try again.

Step 4. Recovery Codes

Upon successful set up of an authenticator app, OneSignal will generate a set of 10 recovery codes. These codes can be used to login to your account if you don't have access to the authenticator app.

📘

Save your codes!

For security purposes, OneSignal will display the recovery code only once. Please download or copy these in a safe place. In case you lose the recovery codes, you can generate a new set, invalidating the old recovery codes, from the Account Management page.

👍

2-Step Authentication Setup Complete!

You can continue below to enforce 2-Step Authentication for everyone in your Organization.

Enforce Two-Step Authentication for your Organization

You must be an Organization Admin to do this. See Manage Team Members for details.

After enabling 2-Step Authentication for yourself first, navigate to Organizations > click your Organization.

Under Team Members > Security you can Enable 2-Step Authentication for everyone in your Organization.

You will be presented with a screen. Select Require 2-Step Authentication for all users if you want all users to use this. Then Continue.

👍

Organization 2-Step Authentication Setup Complete!

When you invite others to the OneSignal App or Organization with this enabled, they will be prompted to setup 2-Step Authentication.

Reset 2-Step Authentication Code

See above Enable 2-Step Authentication for details.

If you are having login errors, see Why can't I login? If you are are locked out of the account, see What if I am locked out of my account?

Disable 2-Step Authentication

See above Enable 2-Step Authentication for details.

Under 2-Step Authentication section and click Disable.

Click Disable 2-Step Authentication on the warning prompt.

🚧

Unable to Disable 2-Step Authentication

If you were unable to disable 2-step authentication using the above method, please contact your organization administrator, as 2-step authentication may be enforced at an organizational level, preventing you from disabling it. If this is not the case, please contact OneSignal support for guidance.

FAQ

Why can't I login? or Error: Failed to configure OTP. Please try again.

Please check the following:

• Wait 30 seconds for new codes to generate and try again with the new codes
• Turn off AdBlocker and CORS Unblock Extensions, whitelist .onesignal. if you need to
• If using Opera Browser. Go to Settings > Privacy Protection and toggle off "Block Trackers"
• Hard refresh the page
• Try a different browser

If you are still having issues, please contact [email protected] with the email you use to login and cc another team member with access to your account if you have one.

What if I am locked out of my account?

1. Email [email protected] cc'ing another team member and ask for your recovery keys. If you have no other team member, be ready to provide details about your account for verification.
2. After verification, OneSignal will provide you new codes. You can then login again.

What if I don’t remember my login password?

The process to reset your forgotten password is still the same.

What if I don’t remember recovery codes?

Please contact OneSignal Support to unlock your account. Please generate a new set of recovery codes on successful login and keep them safe.

How do I disable Two-Step Authentication?

Access Two-Step Authentication settings on the OneSignal Account Management page. Click on “Disable”.
Note: Users will not be able to disable Two-Step Authentication if any of the organizations they are part of enforces it.

How do I generate new recovery codes?

Access Two-Step Authentication settings on the OneSignal Account Management page.
Click on “Generate New Recovery Codes”.

OAuth Login

Customers using third-party OAuth login methods (Facebook, Google, Github, etc) can enable Two-Step Authentication on Onesignal following the same process.

Supported Authenticator Apps

We recommend using Authy, but any authenticator app that supports a Time-based One-time Password (TOTP) mechanism, including Google authenticator, Microsoft authenticator, etc. can be used to set up Two-Step Authentication on OneSignal.

Does OneSignal have Okta Support?

Okta has us featured on their website for SWA Capabilities

Here is some of Okta's SWA docs that might be helpful.

What do different icons under login method column mean?