What is two-factor authentication?
Two-factor authentication provides an additional layer of security for your Persona Dashboard user accounts and helps keep your data shielded from cyber threats. We strongly recommend that all Dashboard users enable 2FA due to the sensitive nature of customer data stored on Persona.
With 2FA, signing in to the Persona Dashboard becomes a two-step process that requires:
- Something you know (password)
- Something you have (code generated by authenticator app, or code sent to email or phone)
Persona currently supports authenticator app, email, and phone as 2FA methods.
Why is 2FA enforced?
As a platform that handles personally identifiable information (PII) and other sensitive customer data, Persona is deeply committed to helping our customers protect their accounts and information. That’s why two-factor authentication is enforced by default for all Dashboard users, ensuring a secure access baseline across the organization.
Enforcing 2FA is a critical part of our broader security strategy to protect against credential-based attacks and unauthorized access. Even if login credentials are compromised, requiring a second factor makes it significantly harder for malicious actors to gain access to the Dashboard and your data.
User setup
Teammates can enable 2FA in Organization > Security. When 2FA is enabled, all sessions other than the current session are expired.
Note: To use phone as a 2FA method, a Dashboard user must first update their profile to include a phone number.
Team management
2FA is an important safeguard for securing access to the Persona Dashboard. To support secure operations across the organization, 2FA will be required for all new organizations. New users of those Organizations must complete 2FA setup before gaining access to the Dashboard.
While 2FA is enforced by default, Persona supports multiple 2FA methods, including:
- Authenticator app (e.g., Google Authenticator, Authy)
- Email-based one-time codes
- SMS (phone-based) codes
To use phone-based 2FA, users must add a phone number to their Profile.
Admins can manage their Organization 2FA settings in the Organization > Security section, and individual users can view their current 2FA status in Profile > Security. Information about 2FA enrollment can also be viewed on the Team > Users page in the "2FA Enabled" column.
For existing teammates who have not yet enrolled in 2FA, a prompt will appear in the Dashboard with setup instructions. Persona recommends proactively configuring Profile 2FA to help protect your account and sensitive data.
Recovery
If a teammate loses access to their 2FA method, an admin can issue a one-time recovery code so the teammate can regain access. Admins do this on the Team > Users page, in the three-dot menu for that user.
Teammates who have set up 2FA can also generate a one-time recovery code themselves in Profile > Security in the 'Recovery Code' section.
Recovery codes do not expire and should be securely stored. Only send recovery codes to teammates whose identity you are certain of.