2-Step Login

How do I Set up a Required 2-Step Login in BambooHR?

Purpose: We know that your BambooHR account stores sensitive employee information for your company and we want to make sure you know your data is secure. 2-Step Login gives you the option to require a passcode each time you and your employees log in to your account. This help guide will walk you through how to set this up.

If you are currently using SAML, Okta, or Onelogin for 2-Factor Authentication, you will not see the option for 2-Step Login. 

Enable 2-Step Login in your Account

To set up 2-step login, navigate to Account in Settings. Select "2-Step Login" and click "Get Started."

Select the date you'd like to start using 2-Step Login in your account and click Enable.

At that point, BambooHR will require a password and a code generated from an authenticator app. Employees will be asked to use a 2-Step Login once it is enabled but it won't be required until the selected start date.

When you enable 2-Step Login, there is not a way to filter which employees will be included. It will be required for all users who are logging into your BambooHR account. 

Check out our help guide about how the employee can set up 2-Step Login.

2-Step Login Actions

Once enabled, you will see an action menu in the top right corner. This will give you the option to Reset an Employee's 2-Step Login or Disable 2-Step Login.

Reset Employee's 2-Step Login

2-Step Login Settings

Account Info

If you choose to reset an employee's 2-Step Login in Settings, you will see a list of employees who have set up their authentication code. Simply select the employee in the list and click "Reset."

Employee Profile

You can also reset an employee's 2-Step Login by going to the action menu on the employee's profile. Simply hover over Security and select "Reset 2-Step Login."

Charlotte Abbott - Personal

What if an admin gets locked out of their BambooHR account when their 2-Step Login is turned on?

  1. If another admin is available, please have them reset your 2-Step login. 
  2. If there is no other admin to do this, revert to the backup codes you created when you initially set up your 2-Step Login.
  3. If one or two are not possible, please reach out to BambooHR customer support via phone. They will need you to verify the last 4 digits of the credit card currently on file for your company.
Disable 2-Step Login
Account Info

If you select to Disable 2-Step Login, you will see a pop-up notification asking you to confirm. Employees will immediately be able to log in without a second code.

Note: If 2-Step Login is disabled and re-enabled later, 2-Step Login will restart from the point that it was disabled. Employees will not need to set it up again.  

Rolling out 2-Step Login to your Employees

*Use this sample email copy to help rollout 2-Step Login to your workforce.*


Hi Team,

In an effort to keep employee information as secure as possible we’ll now be requiring you to use both your password and a unique code to log in to your BambooHR account

Here’s what you’ll need to do to generate your unique code:

  1. Log in to your BambooHR account from your desktop or laptop computer 
  2. You’ll see a message letting you know 2-Step Login is now or soon to be required. Select “Setup Now” to get started. 
  3. Next, visit your app store on your mobile phone and download an authenticator app, such as Google Authenticator.  
  4. Next, open your authenticator app and scan the QR barcode that appears on your desktop or laptop screen
  5. Next, you’ll be prompted to download or print backup codes. Backup codes will be used if you’re ever locked out of your account and without your mobile device. Remember where you save these codes!
  6. Next, enter the 6-digit code displayed in your authenticator app into your account and you can begin using your account as you normally would.

Thank you for your cooperation! 

Please feel free to contact me with any questions,

Your HR Team

What's Next?

Click here to see instructions you can share with your employees about setting up 2-Step Login.