OneSignal Help & Documentation

Welcome to the OneSignal New IA developer hub. You'll find comprehensive guides and documentation to help you start working with OneSignal New IA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    Discussions

2-Step Authentication

What is Two-Step Authentication

Two-Step Authentication provides an additional authentication layer to ensure only you can access your OneSignal account.

In addition to your email address and password or OAuth, Two-Step Authentication requires you to install an authenticator app such as Authy on your personal mobile device. When you log in to OneSignal, you will be prompted for a verification code generated by the authenticator app to access your OneSignal account.

How to set up Two-Step Authentication on OneSignal

Step 1: Login

New Registrations

  • Sign up with your email address and password or with your OAuth provider.
  • Access the “Two-Step Authentication” section from the OneSignal Account Management page.
  • Click “Enable”
  • Follow Step 2

Existing users

  • Access the “Two-Step Authentication” section from the OneSignal Account Management page.
  • Click “Enable”
  • Follow Step 2

Step 2: Setup Authenticator App

  • Download an authenticator app on your personal mobile device
  • From the authenticator app, Scan the QR code or enter the Secret Key displayed on OneSignal set up screen
  • Enter the six-digit verification code from the authenticator app on OneSignal setup screen

Step 3: Recovery Codes

Upon successful set up of an authenticator app, OneSignal will generate a set of 10 recovery codes. These codes can be used to login to your account if you don't have access to the authenticator app.

Note: For security purposes, OneSignal will display the recovery code only once. Please download or copy these in a safe place. In case you lose the recovery codes, you can generate a new set, invalidating the old recovery codes, from the Account Management page.

New Login Flow after Two-Step Authentication is Enabled

  • Enter email address and password or OAuth AND
  • Enter the authentication code from the app OR Enter one of the recovery codes OR
  • Contact Support for help

Enforce Two-Step Authentication for your Organization

Navigate to Organizations > Your Organization > Roles

From the Organization Roles tab, Org-level admins can:

  • View login method and two-step authentication status for all users
  • Change the organization-wide Two-Step Authentication policy to
    Default: Allow users to select their own, individual login method, with or without the two-step authentication
    Recommended: Require Two-Step Authentication for all users. Mandatory Two-Step Authentication at an org-level will force all users to enable two-step authentication before they can log in to OneSignal the next time.

Note: Org-wide policy enforcement with a single-click is only available to paid accounts.

What do different icons under login method column mean?

FAQ

What if I am locked out of my account?

  • I don’t remember my login password.
    The process to reset your forgotten password is still the same.

  • I don’t have access to the authenticator app.
    Use one of the recovery codes generated on successful Two-Step Authentication setup

  • I don’t remember recovery codes.
    Please contact OneSignal Support to unlock your account with a one-time code. Please generate a new set of recovery codes on successful login and keep them safe.

How do I disable Two-Step Authentication?

Access Two-Step Authentication settings on the OneSignal Account Management page. Click on “Disable”.
Note: Users will not be able to disable Two-Step Authentication if any of the organizations they are part of enforces it.

How do I generate new recovery codes?

Access Two-Step Authentication settings on the OneSignal Account Management page.
Click on “Generate New Recovery Codes”.

OAuth Login

Customers using third-party OAuth login methods (Facebook, Google, Github, etc) can enable Two-Step Authentication on Onesignal following the same process.

Supported Authenticator Apps

We recommend using Authy, but any authenticator app that supports a Time-based One-time Password (TOTP) mechanism, including Google authenticator, Microsoft authenticator, etc. can be used to set up Two-Step Authentication on OneSignal.

Updated 6 days ago


2-Step Authentication


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.