Managing 2-factor authentication Follow

Comments

15 comments

  • Avatar
    DJ Jimenez

    The link to "Using the API when 2-factor authentication is enabled" no longer works. It goes to a 404. Is it in another article?

  • Avatar
    Charles Nadeau

    Sorry DJ. Link fixed.

    Charles

  • Avatar
    Jonathan Gadd (Edited )

    Thanks for this article

  • Avatar
    Aleksander Moldrup Nielsen

    Hello,

    Is it possible to require 2-factor authentication everytime by disabling the "Remember me/Dont ask the next 30 days" option?

  • Avatar
    Jessie - Community Manager

    Welcome to the Community, Aleksander!

    I'm not sure about this, so I'm going to see if I can find someone who can answer your question. Stand by!

  • Avatar
    Stephen Fusco

    Hello Aleksander, 

    By default, you only have to enter a passcode once every 30 days. Your agents can elect to use 2 factor authentication every time when using the same computer though. 

    To enter a passcode every time you sign in, uncheck the Don't ask again on this computer for 30 days option on the dialog box that prompts you for a passcode. This will require 2-factor authentication every time. This setting is up to the individual user to decide and there are no global controls for this. 

    You will always be required to use two factor authentication when using a new device though. 

  • Avatar
    Neeraj

    I had changed my handset and I also have lost the 2 factor authnetication details. 
    As a result I cannot login to my account. Please help.

     

  • Avatar
    Nicole - Community Manager

    Hi Varsha - 

    That sounds like it's going to need some troubleshooting that requires account details, so I'm going to create a support ticket for you. Look for an email from me shortly. 

  • Avatar
    Hemlata Mansukhani

    Hi,

    Password-based authentication to the Zendesk API will be disabled when two-factor authentication is required. - Is there a work around on this? I integrated Shippit t my Zendesk account and I stopped receiving emails after enabling 2FA.

    Thank you

     

  • Avatar
    Jessie - Community Manager

    Hi Hemlata!

    I'm going to see if I can find someone to help you with this, since I don't know the answer. Stand by!

  • Avatar
    Adam L.

    Hi Hemlata,

    You should still be able to use OAuth or an API key for this, more details can be found here:

    https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication

     

     

  • Avatar
    Fritzie

    Hi.

    I don't have an option to activate 2-factor authentication for some of my agents.All settings are good. Tried logging in and out but no option. What to do? 

    Thanks in advance. 

  • Avatar
    Jessie - Community Manager

    Hi Fritzie! Welcome to the Community!

    Can you be more specific about what's happening when you try to enable 2-factor authentication? If you can walk me through what you're doing step by step, and specify which agents you're having trouble with, that will help us figure out what's going on!

  • Avatar
    David Rose

    With GDPR around the corner, one of the things we have to ensure is the security of data - making sure that data isn't available to someone that doesn't need it.

    Unfortunately Zendesk has opened up a minefield for us. 
    Unless I'm mistaken there's no way for an agent to be logged out automatically after a period of inactivity - so if they forget to logout, any personal data in Zendesk is available to anyone that has access to that PC. 

    I thought that 2FA might address this, by insisting that users were validated on a regular basis, but it seems that the end user can just turn off 2FA on a device for 30 days - so if an agents laptop were stolen, the thief could have immediate access to any personal data stored in ZD.
    Additionally I'm surprised that the mobile app doesn't have any kind of "re-authorisation" - every other app I use that has access to personal data, has the option to re-authorise (via a pin or fingerprint) every time the app gets accessed by the user.

    What are others doing about this and what are ZD's recommendation ?

  • Avatar
    Nicole - Community Manager

    Hi David - 

    For the Zendesk response, please email your question to privacy@zendesk.com. Normally we don't like to make people switch channels for an answer, but since GDPR deals with legal compliance, our legal team has limited the scope of what we can answer about GDPR in the community and has asked that all GDPR-related questions be directed their way. 

Please sign in to leave a comment.

Powered by Zendesk