Two-factor authentication (2FA) is a dual security feature to authenticate users. The Cybersecurity & Infrastructure Security Agency (CISA) recommends enabling 2FA to protect your account if your login credentials are compromised. This article details the 2FA settings in OneView and how to reset 2FA if needed.
NOTICE - Effective May 20th, 2026, 2FA is mandatory for all OneView users. This extra layer of security helps keep accounts safe from unauthorized access, credential-based attacks, account takeover, data exposure, and other security incidents by requiring an additional verification step before access is granted.
A mobile device with a camera and an authenticator app is needed to set up 2FA. Supported authenticator apps:
- Google Authenticator
- Authy
- 1Password
- Microsoft Authenticator
- Okta Verify
- Duo Mobile
- LastPass Authenticator
2FA Recovery code
Global Administrators can enable a global setting that allows users to authenticate using a recovery code sent by email. This setting must be enabled in the console before using a recovery code. A recovery code is helpful in cases where a mobile device was lost or replaced. Enabling this setting could allow threat actors to bypass 2FA if the user's email account is compromised.
- Go to Configure > Users.
- Click the Two-factor authentication button.
- Toggle on Allow the recovery code to be sent via email.
Once the setting is enabled, users can request a recovery code.
Set recovery email address
After enabling the feature, each user with 2FA enabled is required to provide a recovery email address that belongs to a different domain than their OneView login email. This extra step is designed to provide an additional layer of security in case their login email is ever compromised.
Users are prompted to set a recovery address when logging in. If they didn't configure it during login or want to change it, they can manually set or update the recovery email address from the user profile menu. For more information, see 2FA recovery email.
Request a recovery code
- Go to the OneView login page.
- Enter the credentials to log in.
- Click Request recovery code.
- Check the email for the recovery code.
- Enter the recovery code in the verification screen and click Submit.
Reset 2FA
We recommend maintaining at least two Global Administrator accounts in OneView so one can reset 2FA for the other if needed, for example, when a user replaces their mobile device or loses access.
To reset 2FA for another user (Global Administrator required):
- Click Configure > Users.
- Locate the user and click the ellipsis icon
.
- Click Reset 2FA.
If there are no other admins to reset 2FA, contact Support.
To switch authenticator apps while already logged in:
- In the top-right, click your display name > Profile.
- Go the Security Settings tab
- Click Reset 2FA.
For other 2FA issues, see Troubleshoot two-factor authentication (2FA) in OneView.