Understanding 2FA in Visma

  • Updated on Mar 19, 2026
  • Published on Mar 19, 2026
  • 2 minute(s) read
Prev Next

What is 2FA?

Two-Factor Authentication (2FA) is an extra layer of security used to ensure that you are the only person who can access your account, even if someone would get hold of your password.

It requires two things:

  1. Something you know: Your password.

  2. Something you have: Your physical mobile phone or a security key.

🛡️ The "Security Guard" Story

Think of your Visma account like a high-security building:

  1. Your Password is your physical key.

  2. 2FA is the security guard standing at the door.

If a thief steals your key (password), they still can’t get in because the security guard will ask to see your phone to prove it’s really you. Unless the thief also has your physical phone and your fingerprint/PIN, they are blocked.


💡 One Security Shield for All Apps

The most important thing to know is that 2FA is tied to your Visma Connect Profile, not to a specific application.

  • It is Universal: Once you set up or change your 2FA settings, those changes apply to every Visma application you use (e.g., Visma Net, Expense, Payroll, etc.).

  • Set it Once: You do not need to repeat the setup for different apps.

  • Update Everywhere: If you reset your 2FA because you got a new phone or lost access, it will update your login process for all your Visma tools simultaneously.


How it Works: Choose Your Method

You can choose the method that fits your workflow best. We recommend the Visma Authenticator.

Method

Effort

How it works

Visma Authenticator App

Easiest

You get a notification on your phone. Just tap "Approve".

Standard Authenticator

⭐⭐ Medium

Open an app (like Google or Microsoft) and type in a 6-digit code.

Security Keys / Passkeys

⭐⭐ Medium

Plug in a USB Key (like a YubiKey) or use your laptop's FaceID/Fingerprint.

🏁 When will you see the 2FA prompt?

You don't always have to go looking for 2FA settings; the system will guide you when it’s time. You will typically encounter 2FA enrollment or verification in one of three ways:

  1. When Signing In: If your company requires 2FA for an application, you will be prompted to set it up immediately after entering your password.

  2. When Performing High-Security Actions (Step-up): Even if you logged in without 2FA, you might be asked for a code when performing sensitive tasks, such as changing bank details or deleting records.

  3. Self-Enrollment: You can choose to enable 2FA at any time by visiting your Account Settings to ensure your profile is protected even if it isn't required yet.

Key Terms You’ll Encounter

To make our documentation easier to navigate, here are the three main components of Visma 2FA:

  • Visma Authenticator: Our official mobile app that lets you log in by simply tapping "Approve" on your screen.

  • Recovery Code: A unique "Master Key" generated during setup. It is your only way to log in if you lose your phone/device or access.

  • Push Notification: The message that pops up on your phone to let you approve a login instantly.


⏭️ What’s Next?

To continue setting up your account or to learn more about how security policies work, choose a guide below:

Document 2: How to Set Up 2FA (Step-by-Step)

  • Best for: Users ready to install the app and secure their account now.

Document 3: Understanding Policies

  • Best for: Admins and users who want to know why 2FA behaves differently (Required vs. Adaptive) across various apps.

© 2026 Visma