How to Set Up 2FA (Two-Factor Authentication) in Horilla HR Software
Security is a top priority in any HR management system, and Horilla takes this seriously by offering built-in support for Two-Factor Authentication (2FA). With just a small configuration tweak, you can add an extra layer of protection to your employee data and user accounts.
Once enabled, OTP-based authentication ensures that only authorized users can access the system, even if their password has been compromised.
In this blog, we’ll guide you through how to enable 2FA in Horilla, so users are required to verify their identity with a one-time password (OTP) during login.
What is 2FA (Two-Factor Authentication)?
Two-factor authentication (2FA) is a security technique that requires users to present two forms of identification before accessing an account:
- Something you know (like your password)
- Something you have (like an OTP sent to your email)
2FA significantly lowers the likelihood of unauthorized access by demanding both. Even if an attacker knows a user’s password, they would still need access to their email to complete the login process.
Step-by-Step Guide to Enable 2FA (Two-Factor Authentication) in Horilla HRMS
Implementing 2FA in Horilla is a quick and straightforward process. Follow these steps to secure your application:
1. Configure Mail Server
Before enabling 2FA, you must ensure that the mail server is configured properly. Horilla sends OTP codes via email, so this is a critical prerequisite.
Once the mail server is configured, you’re ready to activate 2FA.
2. Enable the 2FA Flag
To turn on Two-Factor Authentication, you simply need to update a setting in your Horilla project configuration file.
In your Horilla project, locate the file:
horilla/horilla_apps.py
Inside this file, add or update the following setting:
TWO_FACTORS_AUTHENTICATION = True
This simple flag activates the two-factor authentication mechanism.
3. Login Flow with OTP
Once enabled, here’s what the login process looks like:
- The user enters their username and password.
- Horilla verifies the credentials, then generates a time-limited OTP.
- The user’s registered email address receives the OTP.
- The user must input their OTP on the verification page.
- After verification, the user is granted access.
This ensures that only users with access to their registered email can log in; knowing the password alone is not enough.
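The flow above is only as strong as the OTP handling behind it: the code has to be unpredictable, short-lived, single-use and limited in guesses. The following is an added example of those checks, not Horilla's own code; the function names, the in-memory store, the 5-minute lifetime and the 5-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window, not a Horilla setting
MAX_ATTEMPTS = 5       # assumed guess limit, not a Horilla setting


def _digest(code, salt):
    # Store a salted hash so a leaked store does not reveal live codes.
    return hashlib.sha256(salt + code.encode()).digest()


def issue_otp(store, username, now=None):
    """Create a 6-digit code from a CSPRNG and record only its salted hash."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    # Issuing a new code overwrites (invalidates) any earlier one.
    store[username] = {"salt": salt, "hash": _digest(code, salt),
                       "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return code  # hand this to the mail sender; do not log it


def verify_otp(store, username, submitted, now=None):
    """Return True only for a correct, unexpired, unused code within the guess limit."""
    now = time.time() if now is None else now
    rec = store.get(username)
    if rec is None:
        return False
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        del store[username]  # expired or locked out: force a fresh login
        return False
    rec["attempts"] += 1
    # Constant-time comparison avoids leaking how many digits matched.
    ok = hmac.compare_digest(_digest(submitted, rec["salt"]), rec["hash"])
    if ok:
        del store[username]  # single use: a replayed code fails
    return ok
```

In a real deployment the store would be the session or database rather than a dict, and the attempt counter is what keeps a 6-digit code from being guessed by brute force.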
Sample Email
When a user logs in, they will receive an email like:

Subject: Your OTP Code
Body: Your OTP Code is: 904194. You have to enter the page that comes after the login with the username and password,

Then

Why You Should Enable It
- Protect sensitive employee data
- Prevent unauthorized access from compromised passwords
- Easy to enable and seamlessly integrates into existing login flows
Conclusion
Enabling 2FA in Horilla is as simple as toggling a configuration, but it significantly boosts your system’s security. Whether you manage a small team or a large business, safeguarding your HR data is critical.
