Two-Factor Authentication (2FA) adds an extra layer of security to your TalentLMS account by requiring a second verification step when users sign in.
Following the upcoming March 2026 release, 2FA will be mandatory for all users with administrative permissions. Administrators can also choose to enable 2FA for Instructors and Learners.
In the following sections, you can find guidelines on how to set it up and how it works:
A. Setting up Two-Factor Authentication as an Admin
B. Configure Two-Factor Authentication settings for Admins, Instructors and/or Learners
C. Resetting Two-Factor Authentication for other users
D. Reconfiguring your own Two-Factor Authentication
| Note: Two-Factor Authentication applies only to users who sign in with their username and password. Users authenticated through SSO, social login, or API integrations are not required to complete the 2FA flow. |
Users can authenticate using:
- an Authenticator app (OTP-based)
- an Email verification link (available for users with administrative permissions)
| Note: For users to configure their own 2FA, they must have the Profile > View permission enabled. See here for more information on TalentLMS user types. |
A. Setting up Two-Factor Authentication as an Admin
When 2FA is required for your account, TalentLMS prompts you to configure it after signing in.
1. Sign in to your TalentLMS account using your username and password, and on the Set up two-factor authentication (2FA) window, select your preferred method (1):
- Authenticator app
- Email verification link (only for users with administrative permissions)
2. Click Next (2).
Complete the setup based on the method you selected:
Authenticator app
You can use any authenticator application that supports TOTP (One-Time Passwords), such as Google Authenticator, Microsoft Authenticator, Authy, or any TOTP-compatible app.
1. Select Authenticator app and click Next.
2. On the Link an authenticator app to your account screen, scan the QR code (1) using your authenticator app, then click Next.
3. If you cannot scan the code, click Can't scan the QR code? (2) and enter the provided key manually.
4. Enter the confirmation code generated by your authenticator app in the Confirmation code (3) field.
5. Click Verify (4).
6. Click Next (5) to complete the setup.
Your authenticator app is now linked to your TalentLMS account.
Email verification link
Users with administrative permissions can authenticate using a link sent to their email address.
1. Select Email verification link and click Next.
2. TalentLMS sends a secure login link (1) to your registered email address. Open the email and click the verification link to complete the setup.
| Note: Each link can be used once, and expires after 10 minutes. |
Backup codes
After completing the 2FA setup, TalentLMS generates and shows you your backup codes.
Use these codes if you lose access to your authenticator device.
- Backup codes do not expire.
- Each code can be used once.
- When all codes are used, 2FA must be reset to generate new ones.
Store your backup codes in a safe location.
B. Configure Two-Factor Authentication settings
To configure Two-Factor Authentication settings for your portal:
1. Sign in to your TalentLMS account as an Administrator and click Account & Settings (1).
2. Click Security (2).
3. Under Password settings, locate Two-Factor Authentication (2FA), and click the arrow icon (3) to open the configuration panel.
Administrators can configure 2FA separately for each user type.
Two-Factor Authentication for Admin users
Two-Factor Authentication is required for all users with administrative permissions. Admins can authenticate using an authenticator app, or an email verification link.
You cannot disable 2FA for admin roles, but you can configure the trusted device duration:
1. Sign in as an Administrator and go to Account & Settings > Security.
2. Click Two-Factor Authentication (2FA).
3. Select the Admin role to open the admin configuration panel.
4. Enable Allow to "trust this browser" for (1), if desired.
5. From the Days drop-down list, choose the trust period (2):
- 7 days
- 14 days
- 30 days
| Note: If the trust this browser option is disabled, users must verify their identity every time they log in. |
6. Click Save (3).
| Note: 2FA configuration is managed from the main domain, so branch administrators cannot configure 2FA settings. For Admin users, the configuration applies to the main domain and all branches. For Instructors and Learners, Administrators can choose whether the configuration applies to all branches or specific branches. |
Enable 2FA for Instructors or Learners
Non-Admin user types can authenticate using an authenticator app.
To enable or disable 2FA for non-Admin roles:
1. From the Two-Factor Authentication settings, select the user type (4) you want to configure (e.g., Instructor).
2. Toggle Enabled (5) to activate 2FA for that role.
3. Enable Allow to "trust this browser" for (6) if you want users to skip verification on trusted devices.
4. From the Days drop-down list, choose the trust period (7):
- 7 days
- 14 days
- 30 days
| Note: If the trust this browser option is disabled, users must verify their identity every time they log in. |
5. (Optional) Enable Apply configuration to branches and choose whether the setting applies to all branches or specific branches (8).
| Note: If 2FA is enabled in either the main domain, or one of the restricted branches, then the user needs to authenticate via 2FA when logging in, regardless of which environment they’re logging in to. |
6. Click Save (9).
C. Resetting Two-Factor Authentication for other users
Depending on user roles, different users can reset 2FA settings for other users:
- Admins can reset 2FA for Instructors and Learners.
- SuperAdmins can reset 2FA for Admins.
- Account Owners can reset 2FA for SuperAdmins and Admins.
| Note: Account Owner 2FA can only be reset by the TalentLMS Support team. Here’s how to contact us. |
To reset 2FA for another user:
1. Sign in to your TalentLMS account, go to Users (1) and click Edit next to the user you wish to reset 2FA for.
2. In the user’s profile > Info tab, scroll down to the Two-Factor Authentication (2FA) section and click Reset 2FA (2).
3. In the new window, click Reset again to confirm your choice.
The user will now have to reconfigure their 2FA settings the next time they sign in.
D. Reconfiguring your own Two-Factor Authentication
To reset your own 2FA:
1. Sign in to your TalentLMS account, and go to My profile (1).
2. Scroll down to the Two-Factor Authentication (2FA) section and click Reconfigure 2FA (2).
3. Enter your password in the relevant field, and click Validate (3).
4. Select a 2FA method (authenticator app, or email verification link if available), and complete the reconfiguration.