How do I set up a required 2-Step Login in BambooHR?
Purpose: We know that your BambooHR account stores sensitive employee information for your company and we want to make sure you know your data is secure. 2-Step Login gives you the option to require a passcode each time you and your employees log in to your account. This help guide will walk you through how to set this up.
If you are currently using SAML, Okta, or OneLogin for two-factor authentication, you will not see the option for 2-Step Login.
Enable 2-Step Login in your account
To set up 2-Step Login, navigate to Account in Settings. Select 2-Step Login and click Get Started.
A modal will appear for you to select whether all employees are required to use 2-Step Login or only some employees based on access level settings. If you choose the Required By Access Level option, you will need to specify which access levels are required in the dropdown menu. Then, select the date you would like to have 2-Step Login enabled in your account and click Enable.
On the selected start date, BambooHR will require a password and a code generated from an authenticator app for those who have it enabled.
Check out our help guide about how the employee can set up 2-Step Login.
Once enabled, you will see an action menu in the top right corner. This will give you the following options: Reset Employee's 2-Step Login, Edit 2-Step Login Settings, and Disable 2-Step Login. Editing the settings will allow you to change who is required to have 2-Step Login after it is enabled.
2-Step Login settings
If you choose to reset an employee's 2-Step Login in Settings, you will see a list of employees who have set up their authentication code. Simply select the employee in the list and click Reset.
You can also reset an employee's 2-Step Login by going to the action menu on their employee profile. Simply hover over "Security" and select Reset 2-Step Login.
What if an admin gets locked out of their BambooHR account when their 2-Step Login is enabled?
- If another admin is available, please have them reset your 2-Step login.
- If there is no other admin to do this, revert to the backup codes you created when you initially set up your 2-Step Login.
- If one or two are not possible, please reach out to BambooHR Support via phone. We will need written approval from a Full Admin user for verification.
If you select to disable 2-Step Login, you will see a pop-up notification asking you to confirm your selection. Employees will be able to log in immediately without a second code.
Note: If you disable and then re-enable 2-Step Login, the system will restart 2-Step Login from the point when it was disabled. Employees will not need to set it up again.
*Use this sample email copy to help rollout 2-Step Login to your workforce.*
In an effort to keep employee information as secure as possible we’ll now be requiring you to use both your password and a unique code to log in to your BambooHR account
Here’s what you’ll need to do to generate your unique code:
- Log in to your BambooHR account from your desktop or laptop computer
- You’ll see a message letting you know 2-Step Login is now or soon to be required. Select “Setup Now” to get started.
- Next, visit your app store on your mobile phone and download an authenticator app, such as Google Authenticator.
- Next, open your authenticator app and scan the QR barcode that appears on your desktop or laptop screen
- Next, you’ll be prompted to download or print backup codes. Backup codes will be used if you’re ever locked out of your account and without your mobile device. Remember where you save these codes!
- Next, enter the 6-digit code displayed in your authenticator app into your account and you can begin using your account as you normally would.
Thank you for your cooperation!
Please feel free to contact me with any questions,
Your HR Team