2-step authentication
Secure your OneSignal account with Two-Factor Authentication (2FA) by requiring a time-based verification code from an authenticator app in addition to your email and password or OAuth credentials.
Overview
Add a critical layer of security to your OneSignal dashboard by verifying your identity through an authenticator app. Once enabled, logging into OneSignal will require a time-sensitive 6-digit code from the app.
Setup
Download an authenticator app
Install one of the following authenticator apps on your mobile device:
- Google Authenticator (recommended): Android | iOS
- Microsoft Authenticator: Android | iOS
- Authy: authy.com
Enable 2-step authentication
Sign in to your OneSignal account
If you already have 2FA enabled and are locked out, see I lost my recovery codes.
Go to Account Management
Navigate to Account Management or click your email drop-down > Manage Account.
Enable or reconfigure 2-step authentication
Scroll to the 2-Step Authentication section and click Enable (or Reconfigure if already set up).
Enable 2-Step Authentication
Set up your Authenticator App
Scan QR code or enter key manually
On the “Enable 2-Step Authentication” setup screen, scan the QR code using your authenticator app or manually enter the Secret Key.
Reconfigure 2-Step Authentication
If entering manually, tap Add Account, choose “Enter a setup key”, and name it something memorable like OneSignal_[your_email].
Reconfigure 2-Step Authentication
Reconfigure 2-Step Authentication
The app will now generate a 6-digit code every 30 seconds.
Login with auth code
- In OneSignal, enter the current 6-digit code from your auth app.
- If the code fails, wait 30 seconds and try the next one.
- If the code still fails, check that you entered the key correctly and try again.
Recovery codes
After successful setup, OneSignal will display 10 recovery codes. These codes can be used to access your account if you lose access to your authenticator app.
Recovery codes are shown once only. Save or download them securely. If lost, generate a new set via your account settings to invalidate the previous ones.
Download your recovery codes!
Enforce 2FA for all team members
To enforce 2-step authentication across your organization:
You must be an Organization Admin.
See Team members for details.
Navigate to your Organization.
Navigate to your Organization
Under Team Members > Security, click Enable.
Organization-wide enforcement of 2FA
Select Require 2-Step Authentication for all users, then click Continue.
Require 2-Step Authentication for all users of your apps.
Future invitations to the organization or apps will require users to set up 2FA before accessing.
Disable or reconfigure 2FA
You may not disable 2FA if your organization requires it. Contact your Organization Admin or OneSignal Support if needed.
Follow the steps to Enable 2-step authentication and if enabled, you will have the option to disable or reconfigure.
Troubleshooting & FAQ
I lost my recovery codes
Email support@onesignal.com and cc one of your team members that can verify you.
If you don’t have any other team members with access to the OneSignal app, our Support Team will assist with other options.
Why can’t I log in or see “Failed to configure OTP”?
Try:
- Waiting for the next 30-second code cycle
- Disabling browser extensions (AdBlock, CORS)
- Whitelisting
*.onesignal.com - Disabling Opera’s “Block Trackers”
- Hard refresh
- Trying another browser
Still having issues? Email support@onesignal.com and cc a team member that can verify you.
I forgot my password
Can I use OAuth with 2FA?
Yes, follow the same setup flow after logging in via OAuth
Which authenticator apps are supported?
Any TOTP-compatible app (Authy, Google Authenticator, Microsoft Authenticator, etc.).
Does OneSignal support Okta?
Yes. See OneSignal on Okta and Okta SWA setup guide.
What do the login method icons mean?
Login method icon definitions.
2-step authentication
Secure your OneSignal account with Two-Factor Authentication (2FA) by requiring a time-based verification code from an authenticator app in addition to your email and password or OAuth credentials.
Overview
Add a critical layer of security to your OneSignal dashboard by verifying your identity through an authenticator app. Once enabled, logging into OneSignal will require a time-sensitive 6-digit code from the app.
Setup
Download an authenticator app
Install one of the following authenticator apps on your mobile device:
- Google Authenticator (recommended): Android | iOS
- Microsoft Authenticator: Android | iOS
- Authy: authy.com
Enable 2-step authentication
Sign in to your OneSignal account
If you already have 2FA enabled and are locked out, see I lost my recovery codes.
Go to Account Management
Navigate to Account Management or click your email drop-down > Manage Account.
Enable or reconfigure 2-step authentication
Scroll to the 2-Step Authentication section and click Enable (or Reconfigure if already set up).
Enable 2-Step Authentication
Set up your Authenticator App
Scan QR code or enter key manually
On the “Enable 2-Step Authentication” setup screen, scan the QR code using your authenticator app or manually enter the Secret Key.
Reconfigure 2-Step Authentication
If entering manually, tap Add Account, choose “Enter a setup key”, and name it something memorable like OneSignal_[your_email].
Reconfigure 2-Step Authentication
Reconfigure 2-Step Authentication
The app will now generate a 6-digit code every 30 seconds.
Login with auth code
- In OneSignal, enter the current 6-digit code from your auth app.
- If the code fails, wait 30 seconds and try the next one.
- If the code still fails, check that you entered the key correctly and try again.
Recovery codes
After successful setup, OneSignal will display 10 recovery codes. These codes can be used to access your account if you lose access to your authenticator app.
Recovery codes are shown once only. Save or download them securely. If lost, generate a new set via your account settings to invalidate the previous ones.
Download your recovery codes!
Enforce 2FA for all team members
To enforce 2-step authentication across your organization:
You must be an Organization Admin.
See Team members for details.
Navigate to your Organization.
Navigate to your Organization
Under Team Members > Security, click Enable.
Organization-wide enforcement of 2FA
Select Require 2-Step Authentication for all users, then click Continue.
Require 2-Step Authentication for all users of your apps.
Future invitations to the organization or apps will require users to set up 2FA before accessing.
Disable or reconfigure 2FA
You may not disable 2FA if your organization requires it. Contact your Organization Admin or OneSignal Support if needed.
Follow the steps to Enable 2-step authentication and if enabled, you will have the option to disable or reconfigure.
Troubleshooting & FAQ
I lost my recovery codes
Email support@onesignal.com and cc one of your team members that can verify you.
If you don’t have any other team members with access to the OneSignal app, our Support Team will assist with other options.
Why can’t I log in or see “Failed to configure OTP”?
Try:
- Waiting for the next 30-second code cycle
- Disabling browser extensions (AdBlock, CORS)
- Whitelisting
*.onesignal.com - Disabling Opera’s “Block Trackers”
- Hard refresh
- Trying another browser
Still having issues? Email support@onesignal.com and cc a team member that can verify you.
I forgot my password
Can I use OAuth with 2FA?
Yes, follow the same setup flow after logging in via OAuth
Which authenticator apps are supported?
Any TOTP-compatible app (Authy, Google Authenticator, Microsoft Authenticator, etc.).
Does OneSignal support Okta?
Yes. See OneSignal on Okta and Okta SWA setup guide.
What do the login method icons mean?
Login method icon definitions.