Overview

Add a critical layer of security to your OneSignal dashboard by verifying your identity through an authenticator app. Once enabled, logging into OneSignal will require a time-sensitive 6-digit code from the app.

Setup

Download an authenticator app

Install one of the following authenticator apps on your mobile device:

Enable 2-step authentication

1

Sign in to your OneSignal account

If you already have 2FA enabled and are locked out, see I lost my recovery codes.
2

Go to Account Management

Navigate to Account Management or click your email drop-down > Manage Account.
3

Enable or reconfigure 2-step authentication

Scroll to the 2-Step Authentication section and click Enable (or Reconfigure if already set up).

Enable 2-Step Authentication

Set up your Authenticator App

1

Scan QR code or enter key manually

On the “Enable 2-Step Authentication” setup screen, scan the QR code using your authenticator app or manually enter the Secret Key.

Reconfigure 2-Step Authentication

If entering manually, tap Add Account, choose “Enter a setup key”, and name it something memorable like OneSignal_[your_email].

Reconfigure 2-Step Authentication


Reconfigure 2-Step Authentication

The app will now generate a 6-digit code every 30 seconds.
2

Login with auth code

  • In OneSignal, enter the current 6-digit code from your auth app.
  • If the code fails, wait 30 seconds and try the next one.
  • If the code still fails, check that you entered the key correctly and try again.

Recovery codes

After successful setup, OneSignal will display 10 recovery codes. These codes can be used to access your account if you lose access to your authenticator app.
Recovery codes are shown once only. Save or download them securely. If lost, generate a new set via your account settings to invalidate the previous ones.

Download your recovery codes!

Enforce 2FA for all team members

To enforce 2-step authentication across your organization:
1

You must be an Organization Admin.

See Team members for details.
2

Navigate to your Organization.

Navigate to your Organization

3

Under Team Members > Security, click Enable.

Organization-wide enforcement of 2FA

4

Select Require 2-Step Authentication for all users, then click Continue.

Require 2-Step Authentication for all users of your apps.

Future invitations to the organization or apps will require users to set up 2FA before accessing.

Disable or reconfigure 2FA

You may not disable 2FA if your organization requires it. Contact your Organization Admin or OneSignal Support if needed.
Follow the steps to Enable 2-step authentication and if enabled, you will have the option to disable or reconfigure.

Troubleshooting & FAQ

I lost my recovery codes

Email support@onesignal.com and cc one of your team members that can verify you. If you don’t have any other team members with access to the OneSignal app, our Support Team will assist with other options.

Why can’t I log in or see “Failed to configure OTP”?

Try:
  • Waiting for the next 30-second code cycle
  • Disabling browser extensions (AdBlock, CORS)
  • Whitelisting *.onesignal.com
  • Disabling Opera’s “Block Trackers”
  • Hard refresh
  • Trying another browser
Still having issues? Email support@onesignal.com and cc a team member that can verify you.

I forgot my password

Reset your password

Can I use OAuth with 2FA?

Yes, follow the same setup flow after logging in via OAuth

Which authenticator apps are supported?

Any TOTP-compatible app (Authy, Google Authenticator, Microsoft Authenticator, etc.).

Does OneSignal support Okta?

Yes. See OneSignal on Okta and Okta SWA setup guide.

What do the login method icons mean?

Login method icons

Login method icon definitions.