Skip to main content
All CollectionsAdmin HubAccount Setup
Two-factor authentication (2FA)
Two-factor authentication (2FA)

Enable 2FA on PandaDoc via app or SMS for added security. Configure individually. Backup codes are essential if device access is lost.

Updated this week

Availability:

  • App authentication – all plans.

  • SMS authentication – Essentials, Business, and Enterprise plans.

Note: SMS authentication is not available for accounts during the trial period.

In this article, we will walk you through the steps to enable, pass, and disable 2FA on your PandaDoc account, ensuring your sensitive information remains safe.

Note: The 2FA described in this article won't work for Google OAuth or SSO logins. You'll need to configure 2FA on the provider's side for these sign-in methods.

Skip to:

How to enable 2FA via app

Warning: You’ll be unable to set up 2FA unless you verify your account email address.

Note: Each user on the account should set up two-factor authentication for their user profile in their account settings.

Select your profile image at the lower left corner to access Settings and select Security. From here, select Turn on 2FA.

Enter your account password and select Continue.

Select 'Authenticator app' as the authentication method. This app generates a code for you to log in to your account.

Install or open Google Authenticator, Authy, or a similar third-party authenticator app on your mobile device.

Scan the QR code or manually enter the setup key into the authentication app.

Next, enter the six-digit code generated by your authenticator app. Select Turn on.

Don’t forget to copy the backup codes for logging in when the authenticator app isn't available and select Codes saved.

Important:

If you lose access to the device you use for the second factor, a backup code would be the only way to restore access to your account.

That’s it for the setup! Now each time you log in to your account you’ll need to enter a code from your authenticator app.

How to enable 2FA via text message (SMS)

Warning: You’ll be unable to set up 2FA via SMS on a free eSign plan or during the trial period.

Select your profile image at the lower left corner to access Settings and select Security. From here, select Turn on 2FA.

Enter your account password and select Continue.

Select 'Text message (SMS)' as the authentication method.

Add a phone number and select Send code.

Enter the code you received via SMS and select Confirm to finish the setup.

Don’t forget to copy the backup codes for logging in when your phone isn't available and select Codes saved.

Important:

If you lose access to the device you use for the second factor, a backup code would be the only way to restore access to your account.

Now each time you log in to your account you’ll need to enter a code from a text message.

How to log in to PandaDoc with 2FA enabled

Enter your email and password at the login page and select Log in.

Next, enter the code from your authenticator app or SMS and select Verify.

How to disable 2FA

  1. Select your profile image at the bottom left corner to open Settings and select Security

  2. Select the three vertical dots menu on the right to the enabled authentication method > Remove

  3. Enter your account password and select Continue

  4. Confirm your action by selecting Disable

FAQ

Can 2FA be configured at the organization level?

No, 2FA can only be set up individually. Each user needs to enable it on their own.
The account owner can check who doesn't have 2FA enabled in Settings > All users.

Is it possible to enforce 2FA on the entire organization or workspace?

No, however, you can achieve this by utilizing Single Sign-On (SSO) and enforcing 2FA on the SSO side.

Does 2FA work when using SSO or OAuth for login?

No, 2FA is not triggered when logging in through an external provider. To enable 2FA, you must configure it on the provider's side.

Are physical keys like Yubico supported for 2FA?

No, only the Authentication App and SMS are supported. If you require a physical key, consider configuring SSO with key support on the provider's side.

Did this answer your question?