Skip to main content

Overview

Two-step authentication (2FA) adds a layer of security to your OneSignal account by requiring a time-sensitive 6-digit code from an authenticator app each time you log in. If you lose access to your authenticator app, you can use one-time recovery codes to log in and reconfigure 2FA on a new device.
Set up your authenticator on a personal device you control long-term — not a shared or temporary test device. If you lose access to that device and your recovery codes, you will be locked out of your account.

Setup

Download an authenticator app

Install one of the following authenticator apps on your personal mobile device:
Choose an app that supports cloud backup or multi-device sync (like Google Authenticator with cloud backup enabled). This protects you if you lose or replace your phone.

Enable 2-step authentication

1

Sign in to your OneSignal account

If you are locked out, see Lost your device or authenticator app?.
2

Go to Account Management

Navigate to Account Management or click your email drop-down > Manage Account.
3

Enable or reconfigure 2-step authentication

Scroll to the 2-Step Authentication section and click Enable (or Reconfigure if already set up).

Set up your Authenticator App

1

Scan QR code or enter key manually

On the “Enable 2-Step Authentication” setup screen, scan the QR code using your authenticator app or manually enter the Secret Key.
If entering manually, tap Add Account, choose “Enter a setup key”, and name it something memorable like OneSignal_[your_email].

2

Get the 6-digit code

The app will now generate a 6-digit code every 30 seconds.
3

Login with auth code

  • In OneSignal, enter the current 6-digit code from your auth app.
  • If the code fails, wait 30 seconds and try the next one.
  • If the code still fails, check that you entered the key correctly and try again.

Recovery codes

After successful setup, OneSignal displays 10 one-time recovery codes. Each code can only be used once to log in if you lose access to your authenticator app.
Recovery codes are shown only once during setup. Download or copy them immediately and store them in a secure location like a password manager. If you lose both your authenticator device and your recovery codes, you will need to contact support to regain access.

Log in with a recovery code

If you cannot access your authenticator app, use a recovery code instead:
  1. Enter your email and password on the OneSignal login page.
  2. On the 2FA verification screen, select the option to use a recovery code.
  3. Enter one of your saved recovery codes. Each code works only once. Cross it off your list after use.
After logging in with a recovery code, immediately reconfigure 2FA on a device you currently have. If you keep using recovery codes without reconfiguring, you will run out and be locked out of your account. See Transfer 2FA to a new device.

Lost your device or authenticator app?

If you no longer have the device with your authenticator app, follow the path that matches your situation: If you have recovery codes:
1

Log in with a recovery code

Follow the steps in Log in with a recovery code.
2

Transfer 2FA to your current device

Immediately reconfigure 2FA on a device you control. See Transfer 2FA to a new device.
If you lost your recovery codes and your device: Email support@onesignal.com and CC a team member who can verify your identity. If you don’t have other team members with access to the OneSignal app, the Support Team will assist with alternative verification.

Transfer 2FA to a new device

If you set up 2FA on a device you no longer have access to (for example, a test device or an old phone), reconfigure it on your current device:
1

Log in to your OneSignal account

Use your authenticator app or a recovery code to sign in.
2

Go to Account Management

Navigate to Account Management or click your email drop-down > Manage Account.
3

Reconfigure 2-step authentication

Scroll to the 2-Step Authentication section and click Reconfigure.
4

Set up your authenticator on your new device

Scan the new QR code with the authenticator app on your current device. See Set up your authenticator app for details.
5

Save your new recovery codes

OneSignal generates a fresh set of 10 recovery codes. The previous codes are invalidated. Save these immediately.

Enforce 2FA for all team members

To enforce 2-step authentication across your organization:
1

You must be an Organization Admin.

See Team members for details.
2

Navigate to your Organization.

Navigate to Organizations on the left sidebar and select your organization.
3

Under Team Members > Security, click Enable.

4

Select Require 2-Step Authentication for all users, then click Continue.

Future invitations to the organization or apps will require users to set up 2FA before accessing.Anyone that is not using 2FA will be required to set it up upon next login.

Disable or reconfigure 2FA

You may not disable 2FA if your organization requires it. Contact your Organization Admin or support@onesignal.com if needed.
Follow the steps to Enable 2-step authentication and if enabled, you will have the option to disable or reconfigure.

FAQ

I’m locked out of my account — how do I get back in?

If you have recovery codes, use one to log in, then immediately transfer 2FA to your current device. If you’ve used all your recovery codes or lost them, email support@onesignal.com and CC a team member who can verify your identity.

I lost my recovery codes and my device

Email support@onesignal.com and CC a team member who can verify your identity. If you don’t have other team members with access, the Support Team will assist with alternative verification.

Why do I keep getting asked for a recovery code every time I log in?

This means your authenticator app is no longer generating valid codes for your OneSignal account — usually because the app was on a device you no longer have. Each recovery code is single-use, so you will eventually run out. To fix this permanently, transfer 2FA to a device you currently use after logging in.

Why can’t I log in or see “Failed to configure OTP”?

Try:
  • Waiting for the next 30-second code cycle
  • Disabling browser extensions (AdBlock, CORS)
  • Whitelisting *.onesignal.com
  • Disabling Opera’s “Block Trackers”
  • Hard refresh
  • Trying another browser
Still having issues? Email support@onesignal.com and CC a team member who can verify your identity.

I forgot my password

Reset your password. Password reset is separate from 2FA — you still need your authenticator app or a recovery code after resetting your password.

Can I use OAuth with 2FA?

Yes. Follow the same setup flow after logging in via OAuth.

Which authenticator apps are supported?

Any TOTP-compatible app works, including Google Authenticator, Microsoft Authenticator, Authy, 1Password, and Bitwarden. Choose one that supports cloud backup or multi-device sync to avoid losing access if you switch phones.

Does OneSignal support Okta?

Yes, there are 2 options:
  1. Your Okta admin can add OneSignal as an app using Secure Web Authentication (SWA). See the OneSignal integration on Okta for setup. OneSignal’s 2FA is separate from Okta.
  2. Talk to our Sales team to get discuss setting this up based on your plan.

What do the login method icons mean?

Login method icons