Universal Login Multifactor Authentication (MFA)

While passwords are the first line of defense, Multifactor Authentication (MFA) adds an additional step to ensure that only you can access your account. With MFA, even if someone gets your password, they still need a second form of verification to log in. This greatly reduces the risk of unauthorized access and enhances your overall security.

This feature has limited capabilities and may not be fully functional for all clients.

How MFA Works

MFA is supported for both web and mobile login. Follow the steps below for your login method.

Logging In on Web

For a visual demonstration of the web login process, refer to the video here.

  1. Enter your username and password as usual.

  2. An access code will be emailed to you and you'll be directed to the access code screen.
  3. Enter the access code.

  4. You'll be authenticated and redirected to the Home screen.

Logging In on the Bullhorn Mobile App

Before using MFA on mobile, make sure your Bullhorn Mobile App is updated to the latest version.

  1. Open the Bullhorn Mobile App.

  2. Tap Log in with Username.

  3. Enter your username and password.

  4. An access code will be emailed to you — enter it when prompted.

  5. You'll be authenticated and taken to the Home screen.

Enablement Request

Before requesting MFA enablement, make sure all users have an active primary email address on their Bullhorn user account — users without one will not be able to log in once MFA is enabled. Do not add email addresses to API users, as they are not affected by MFA.

  1. Ensure every ATS user account under your corp has an active email address.

  2. Contact Bullhorn Support with your preferred enablement date and we'll work with you to find a time that suits.

  3. Once a date is confirmed, communicate it to your users ahead of time so they know what to expect. You're welcome to link them to the video below for a visual demonstration.

Once Bullhorn enables MFA, it will be active for all users automatically — no further action is required.

FAQ

Can I enable MFA if my company uses an SSO provider?

No — if your company uses an SSO provider, we recommend configuring MFA through your SSO provider directly, not through Bullhorn's Universal Login MFA.

What verification methods are supported for MFA?

Currently, email verification is the only supported method. When you log in, an access code will be sent to the primary email address associated with your Bullhorn user account.

Does Bullhorn MFA remember my browser so I don't have to verify every time?

No, Bullhorn MFA does not retain browser information. You'll be prompted to enter a verification code every time you log in.

Can I use MFA with the Bullhorn Mobile App?

Yes! MFA is supported on the Bullhorn Mobile App for users with MFA enabled. Update your app to the latest version and tap Log in with Username to be prompted for email verification. SSO users should continue to use Log in with SSO as usual.

Does the user need to use the MFA every time they log in after this feature is enabled?

Yes, going forward after enablement, all users will be prompted to every time to enter the code sent to their email.

How long is the emailed MFA access code valid for?

The emailed MFA access code is valid for 5 minutes (300 seconds). If it expires before you enter it, you'll need to log in again to request a new code.

Does MFA apply to API users?

No, API users accessing Bullhorn via the REST API will not be prompted for an MFA access code. MFA applies to standard user accounts only.

Video Demo (Web Login)