What's my plan?

Available on all Suite plansAvailable in all products

Quick Look: Admin Center > Account > Security > Advanced

Two-factor authentication provides another layer of security to your Zendesk account by requiring agents and administrators to provide an expirable passcode when signing in.

Two-factor authentication can be used by agents or administrators who sign in to your Zendesk using Zendesk authentication. It's not available for agents or administrators who sign in using third-party authentication such as Google authentication services, JWT, or SAML. However, these users might still be able to use third-party two-factor authentication such as Google 2-Step Verification if you're using Google authentication.

You can require two-factor authentication for all agents and administrators, or each agent or administrator can set up two-factor authentication for their own use.

This article covers the following topics:
  • Important considerations before enabling two-factor authentication
  • Requiring two-factor authentication on the account
  • Tracking who's using two-factor authentication
  • Getting a recovery code for somebody else
Related articles:
  • Getting recovery codes for team members locked out of their accounts
  • About two-step verification
  • Understanding options for end-user access and sign-in

Important considerations before enabling two-factor authentication

Before turning on two-factor authentication, make sure you understand the following important considerations:
  • Admins can't turn on or require two-factor authentication for end users. End users can optionally turn on two-factor authentication in their help center profile, as described in Accessing help center with two-factor authentication.
  • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
  • Requiring two-factor authentication disables password-based authentication to the Zendesk API.

Requiring two-factor authentication on the account

You can require two-factor authentication for all agents and administrators. Once this setting is turned on, admins and agents will be required to set up two-factor authentication the next time they sign in. We recommend sending them a notification with a link to the Using two-factor authentication article.

By default, when you require two-factor authentication, agents and administrators only have to enter a passcode once every 30 days. They will always be asked for a passcode when they sign in from a different device for the first time.

If agents and administrators want to enter a passcode every time they sign in, they can uncheck the Don't ask again on this computer for 30 days option on the dialog box that prompts for a passcode. They always have this option available in the dialog box; you can't configure it.

To require two-factor authentication

  1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
  2. On the Authentication tab, select Require two-factor authentication.
  3. Click Save.

Tracking who's using two-factor authentication

You can generate a CSV spreadsheet listing all the admins and agents in your account and whether or not they're using two-factor authentication.

  1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
  2. On the Authentication tab, click Generate 2FA status report.
  3. Check your Zendesk email. You should get an email shortly with a link to download the spreadsheet.

Getting a recovery code for somebody else

If an agent or admin exhausts or loses their recovery codes and can't sign in, a Zendesk admin or the account owner can generate a recovery code for them. See Getting recovery codes for agents to restore access to their accounts.

Powered by Zendesk