Purpose: We know that your BambooHR account stores sensitive employee information for your company, and we want to make sure you know your data is secure. With 2-Step Login being required, your employees will need to enter a passcode each time they log in to their account or choose Trust this device (for six months). This help guide will walk you through how to manage this requirement in BambooHR.

Table of Contents

• 2-Step Login requirement
  • Third-party login users
  • Frequently asked questions (FAQ)
  • Employee communication
• Reset an employee's 2-Step Login
  • Settings
  • Employee profile

Data security is our top priority at BambooHR. With that said, we take the privacy and security of your account very seriously. As a result, we require 2-Step Login for all users. Your account will be set to Required For All, and you will not be able to change this setting. 

However, there is one exception to this, and please review the Third-Party Login Users section below to understand the exception.

1. Will your 2-Step Login requirement override our employees' third-party MFA login?
   • If ALL users in your account are already using a third-party MFA/SSO/SAML solution, they will not be required to set up BambooHR's 2-Step Login. Please review the table above to confirm.
2. How is the 2-Step Login requirement different from the two-step process that is already in place for employees to log in to their account?
   • Users will need to use a mobile device to set up 2-Step Login via SMS or an authenticator app. Once set up, users can check a box to trust a device and will not have to use 2-Step Login for the next six months. After six months, the user will need to renew their login.
3. What if an employee does not have a mobile device? What options can they use for 2-Step Login?
   • 2-Step Login requires a phone or authenticator app/browser extension to validate the login. You can consider the option of enabling SSO, which allows for alternative methods of validation.
4. Are non-employee users required to use 2-Step Login?
   • If they are not using an SSO login, they will be required to use 2-Step Login.
5. What if I do not want to have 2-Step Login required for my account?
   • Our 2-Step Login requirement is a mandatory system-wide change that applies to all customers. This is to keep your account a secure place for your important data.
6. 2-Step Login has been an option previously—why has this changed?
   • We decided to implement the 2-Step Login requirement due to some major data breaches and cybersecurity incidents within other companies in 2024. Requiring MFA will reduce customer data risk, internal costs to investigate instances of fraud, and the reputational risk to BambooHR associated with a security incident.
7. Will my employees receive any communication about the rollout of the 2-Step Login requirement?
   • Only Account Owners and Full Admin users will receive a few emails about the newly implemented requirement. Once 2-Step Login is rolled out to your company, the employee will have 30 days to set up their verification method (as indicated by a notification that will appear upon logging in after the rollout). Additionally, we have provided the following sample email to help you communicate 2-Step Login setup instructions to your employees.
8. What happens if an user does not set up 2-Step Login within the 30-day timeframe?
   • The user will not be able to log in to their account without setting up a verification method. They will receive a prompt to set up their verification method once they enter their email address and password to log in.

Hi Team,

In an effort to keep employee information as secure as possible, we’ll now be requiring you to use both your password and a unique code to log in to your BambooHR account.

Here’s what you’ll need to do to generate your unique code:

1. Log in to your BambooHR account from your desktop or laptop computer. 
2. You’ll see a message letting you know 2-Step Login is now or soon to be required. Select Setup Now to get started. 
3. Choose your preferred verification method: Text Message (SMS) or Authenticator App.
4. Please follow the setup instructions below depending on the verification method you have selected.

Text Message (SMS)

1. Enter your country code and phone number, and then click Send Verification Code.
2. Enter the six-digit code that was sent to your phone, and you can begin using your account as you normally would.

Authenticator App

1. Visit your app store on your mobile phone and download an authenticator app, such as Google Authenticator. 
   • For Apple iOS users, download Google Authenticator.
   • For Android OS users, download Google Authenticator.
2. Open your authenticator app and scan the QR barcode that appears on your desktop or laptop screen.
3. You’ll be prompted to download or print backup codes. Backup codes will be used if you’re ever locked out of your account and without your mobile device. Remember where you save these codes!
4. Enter the six-digit code displayed in your authenticator app into your account, and you can begin using your account as you normally would.

Thank you for your cooperation! 

Please feel free to contact me with any questions,

Your HR Team