2-Step Login

How do I enable 2-Step Login in BambooHR?

Purpose: We know that your BambooHR account stores sensitive employee information for your company and we want to make sure you know your data is secure. 2-Step Login gives you the option to require a passcode each time you and your employees log in to your account. This help guide will walk you through how to enable this feature in Settings.

Enable 2-Step Login in BambooHR

To set up 2-Step Login, navigate to Account in Settings. Select 2-Step Login and click Get Started.

A modal will appear for you to select from three requirement levels: 

  • Enabled For All - all employees can opt into 2-Step Login but it is not required.
  • Require For All - all employees have to use 2-Step Login.
  • Required By Access Level - only employees in a certain access level are required to use 2-Step Login. Employees not in the required access level will still have the option to log in using 2-Step Login. 

If you choose the Required By Access Level option, you will need to specify in the dropdown menu which access levels are required. 

For both required options, select the date you would like users to start using 2-Step Login in your account and click Enable. On the selected start date, BambooHR will require a password and a code generated from an authenticator app or text message for those who have it enabled. 

If you choose the option to enable 2-Step login for everyone but not make it required, you and your employees will be able to use it immediately upon setup. 

Check out our help guide to learn more about how the employee can set up 2-Step Login after it is enabled. 

2-Step Login actions

Once enabled, you will see an action menu in the top right corner. This will give you the following options: 

  • Reset Employee's 2-Step Login
  • Edit 2-Step Login Settings
  • Disable 2-Step Login. 

Editing the settings will allow you to change who is required to have 2-Step Login after it is enabled. 

Resetting an employee's 2-Step Login

2-Step Login in Settings

Account Info

If you choose to reset an employee's 2-Step Login in Settings, you will see a list of employees who have set up an authentication code. Simply select the employee in the list and click Reset.

Employee profile

You can also reset an employee's 2-Step Login by going to the action menu on their employee profile. Simply hover over "Security" and select Reset 2-Step Login.

Charlotte Abbott - Personal

What if I (admin) get locked out of my account with 2-Step Login enabled?

  1. If another admin is available, please have them reset your 2-Step Login. 
  2. If there is no other admin to do this, revert to the backup codes you have created when setting up your 2-Step Login.
  3. If one or two are not possible, please reach out to our Support team via phone. We will need written approval from a Full Admin user for verification. 
Disabling 2-Step Login
Account Info

If you select to disable 2-Step Login, you will see a pop-up notification asking you to confirm your selection. Employees will immediately be able to log in without a second code.

Note: If you disable and then re-enable 2-Step Login, the system will restart 2-Step Login from the point when it was disabled. Employees will not need to set it up again.  

Rolling out 2-Step Login to your employees

*Use this sample email copy to help roll out 2-Step Login to your workforce.*

Hi Team,

In an effort to keep employee information as secure as possible we’ll now be requiring you to use both your password and a unique code to log in to your BambooHR account.

Here’s what you’ll need to do to generate your unique code:

  1. Log in to your BambooHR account from your desktop or laptop computer. 
  2. You’ll see a message letting you know 2-Step Login is now or soon to be required. Select “Setup Now” to get started. 
  3. Next, visit your app store on your mobile phone and download an authenticator app, such as Google Authenticator.  
  4. Open your authenticator app and scan the QR barcode that appears on your desktop or laptop screen.
  5. You’ll be prompted to download or print backup codes. Backup codes will be used if you’re ever locked out of your account and without your mobile device. Remember where you save these codes!
  6. Enter the 6-digit code displayed in your authenticator app into your account and you can begin using your account as you normally would.

Thank you for your cooperation! 

Please feel free to contact me with any questions,

Your HR Team

Multi-factor authorization (MFA) requirement for Payroll customers

We have our customers' data security on the top of our mind. As result, we added a requirement of multi-factor authentication.

For Payroll customers, please refer to the table below to understand what requires the enablement of 2-Step Login.

Login Setup 2-Step Login Required?
BambooHR username and password  YES
SAML, SSO, Google/Microsoft Login without BambooHR username and password login NO
SAML, SSO, Google/Microsoft Login with BambooHR username and password login