Two-factor authentication provides another layer of security to your Zendesk account by requiring agents and administrators to provide an expirable passcode when signing in.
Two-factor authentication can be used by agents or administrators who sign in to your Zendesk using Zendesk authentication. It's not available for agents or administrators who sign in using third-party authentication such as Google authentication services, JWT, or SAML. However, these users might still be able to use third-party two-factor authentication such as Google 2-Step Verification if you're using Google authentication.
You can require two-factor authentication for all agents and administrators, or each agent or administrator can set up two-factor authentication for their own use.
You can use two-factor-authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
Requiring two-factor authentication on the account
You can require two-factor authentication for all agents and administrators. Once this setting is enabled, admins and agents will be required to set up two-factor authentication the next time they sign in. We recommend sending them a notification with a link to the Using two-factor authentication article in the Agents guide.
By default, when you require two-factor authentication, agents and administrators only have to enter a passcode once every 30 days. They will always be asked for a passcode when they sign in from a different device for the first time.
If agents and administrators want to enter a passcode every time they sign in, they can uncheck the Don't ask again on this computer for 30 days option on the dialog box that prompts for a passcode. They always have this option available in the dialog box, you can't configure it.
To require two-factor authentication
- In Admin Center, click the Account icon (
) in the sidebar, then select Security > Advanced.
- On the Authentication tab, select Require two-factor authentication.
- Click Save.
Tracking who's using two-factor authentication
You can generate a CSV spreadsheet listing all the admins and agents in your account and whether or not they're using two-factor authentication.
- In Admin Center, click the Account icon (
) in the sidebar, then select Security > Advanced.
- On the Authentication tab, click Generate 2FA status report.
- Check your Zendesk email. You should get an email shortly with a link to download the spreadsheet.
Getting a recovery code for somebody else
If an agent or admin exhausts or loses their recovery codes and can't sign in, the account owner can generate a recovery code for them.
- Locate and open the user's profile page. In Admin Center, click the People icon (
) in the sidebar, then select Team > Team members.
- On the user's profile page, open the Security Settings tab and click the Show Recovery Code link.
- Copy the code and send it to the agent or admin. You may also want to share a link with instructions for using a recovery code.
2 Comments
Hi,
Can two-factor auth not be applied to end users & only agents/admins?
Thank you,
There are pages for endusers and one for agents/admins. But you can't setup different SSO for each type. You can only disable it for both or one of the types.
Please sign in to leave a comment.