Two-Step Authentication

Two-factor authentication for your OneSignal.com account. Notes on Okta support.

What is Two-Step Authentication

Two-Step Authentication provides an additional authentication layer to ensure only you can access your OneSignal account.

In addition to your email address and password or OAuth, Two-Step Authentication requires you to install an authenticator app such as Authy on your personal mobile device. When you log in to OneSignal, you will be prompted for a verification code generated by the authenticator app to access your OneSignal account.

How to set up Two-Step Authentication on OneSignal

Step 1 - Login

New Registrations

  • Sign up with your email address and password or with your OAuth provider.
  • Access the “Two-Step Authentication” section from the OneSignal Account Management page.
  • Click “Enable”
  • Follow Step 2

Existing users

  • Access the “Two-Step Authentication” section from the OneSignal Account Management page.
  • Click “Enable”
  • Follow Step 2

Step 2 - Setup Authenticator App

  • Download an authenticator app on your personal mobile device
  • From the authenticator app, scan the QR code or enter the Secret Key displayed on the OneSignal setup screen
  • Enter the six-digit verification code from the authenticator app on the OneSignal setup screen

Step 3 - Recovery Codes

Upon successful setup of an authenticator app, OneSignal will generate a set of 10 recovery codes. These codes can be used to log in to your account if you don't have access to the authenticator app.

Note: For security purposes, OneSignal will display the recovery codes only once. Please download them or copy them to a safe place. If you lose the recovery codes, you can generate a new set from the Account Management page, which invalidates the old recovery codes.

New Login Flow after Two-Step Authentication is Enabled

  • Enter email address and password or OAuth AND
  • Enter the authentication code from the app OR Enter one of the recovery codes OR
  • Contact Support for help

Enforce Two-Step Authentication for your Organization

Navigate to Organizations > Your Organization > Roles

From the Organization Roles tab, Org-level admins can:

  • View login method and two-step authentication status for all users
  • Change the organization-wide Two-Step Authentication policy to:
    Default: Allow users to select their own individual login method, with or without Two-Step Authentication.
    Recommended: Require Two-Step Authentication for all users. Mandatory Two-Step Authentication at the org level forces all users to enable Two-Step Authentication before they can next log in to OneSignal.

Note: Org-wide policy enforcement with a single-click is only available to paid accounts.

What do different icons under login method column mean?

FAQ

What if I am locked out of my account?

1 - Log in to onesignal.com (you should have to use a Two-Step Authentication recovery code).
2 - If Two-Step Authentication is enabled for the entire organization: go to Organization > Roles and disable Two-Step Authentication for the organization. You will enable it again later (everyone who has logged in at some point should still have the two-factor requirement).
3 - Go to your Accounts and API keys from the menu button at the top right.
4 - Enable Two-Step Authentication at your personal level (you may need to disable and then enable it).
5 - You will be prompted to scan the QR code again.
6 - If Two-Step Authentication is enabled for the entire organization, go back to Organization > Roles and re-enable Two-Step Authentication for the company.

  • I don’t remember my login password.
    The process to reset your forgotten password is still the same.

  • I don’t have access to the authenticator app.
    Use one of the recovery codes generated on successful Two-Step Authentication setup.

  • I don’t remember recovery codes.
    Please contact OneSignal Support to unlock your account with a one-time code. Please generate a new set of recovery codes on successful login and keep them safe.

How do I disable Two-Step Authentication?

Access Two-Step Authentication settings on the OneSignal Account Management page. Click on “Disable”.
Note: Users will not be able to disable Two-Step Authentication if any of the organizations they are part of enforces it.

How do I generate new recovery codes?

Access Two-Step Authentication settings on the OneSignal Account Management page.
Click on “Generate New Recovery Codes”.

OAuth Login

Customers using third-party OAuth login methods (Facebook, Google, GitHub, etc.) can enable Two-Step Authentication on OneSignal by following the same process.

Supported Authenticator Apps

We recommend using Authy, but any authenticator app that supports the Time-based One-time Password (TOTP) mechanism, including Google Authenticator, Microsoft Authenticator, etc., can be used to set up Two-Step Authentication on OneSignal.
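
How a TOTP authenticator app turns the Secret Key from Step 2 into a six-digit code, and how a server can check it, as an added example (not OneSignal's code). It follows RFC 6238 with HMAC-SHA1 and a 30-second step, which are assumed defaults the page does not state; the secret is the RFC's published test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30  # assumption: RFC 6238 default time step
DIGITS = 6         # the page states that codes are six digits

# Constructed sample: Base32 form of the RFC 6238 test key "12345678901234567890".
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_key: str) -> bytes:
    """Decode a Base32 Secret Key as typed by hand (spaces, lowercase, no padding)."""
    cleaned = secret_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped for display
    return base64.b32decode(cleaned)


def totp(secret_key: str, at: Optional[float] = None) -> str:
    """Return the code an authenticator app would display at Unix time `at`."""
    moment = time.time() if at is None else at
    counter = max(0, int(moment) // STEP_SECONDS)
    digest = hmac.new(decode_secret(secret_key),
                      struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_key: str, submitted: str,
           at: Optional[float] = None, window: int = 1) -> bool:
    """Accept codes up to `window` steps either side of `at` to tolerate clock drift."""
    moment = time.time() if at is None else at
    candidate = submitted.strip().encode()
    matched = False
    for drift in range(-window, window + 1):
        expected = totp(secret_key, moment + drift * STEP_SECONDS).encode()
        # Constant-time comparison; keep looping so timing does not reveal the step.
        matched |= hmac.compare_digest(expected, candidate)
    return matched


if __name__ == "__main__":
    print("code now:", totp(RFC_SECRET))
```

The code depends only on the shared secret and the clock, which is why any TOTP-compatible app produces the same value and why a device with a badly wrong clock produces codes that are rejected.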

Does OneSignal have Okta Support?

Okta has us featured on their website for SWA Capabilities.

Here are some of Okta's SWA docs that might be helpful.