Managing two-factor authentication (2FA)

Return to top

8 Comments

  • Lisa Springall

    Hi,

    Can two-factor auth not be applied to end users & only agents/admins?

    Thank you,

    0
  • sebastian

    There are pages for endusers and one for agents/admins. But you can't setup different SSO for each type. You can only disable it for both or one of the types.

    1
  • Agyeman Danso

    Any way to have 2fa send code to email addresses?

    0
  • Dave Dyson
    Zendesk Community Manager
    Hi Agyeman,
     
    The account owner can generate a 2FA recovery code. They could then create a ticket for the user in Zendesk with the codes, which would send an email notification to the user. Otherwise, they could use an external email account or other method to send the codes. Is that what you're asking?
    0
  • jihoon lee

    How long is the recovery code valid? I think the recovery code will expire someday.

    0
  • Brett Bowser
    Zendesk Community Manager
    Hey 지훈 이,
     
    From what I've found in our documentation there isn't any expiration date for these recovery codes. 
     
    As long as these agents exist in your account their recovery code should be valid.
     
    Let us know if you have any other questions!
    0
  • Bobby Dovicsak

    The first section notes that when using SSO, the two-factor is not available through Zendesk directly, but can be managed through the SSO provider instead.

    What happens though if we have a mix of agents/admins using SSO and Zendesk Authentication? Our on-staff internal agents use SSO, but our 3rd party contractor agents use Zendesk Authentication via the /normal link.

    If "Require two-factor..." is enforced for all agents/admins, does it simply ignore the SSO users, but still enforce TFA for those 3rd party agents using Zendesk Authentication?

    0
  • Dane
    Zendesk Engineering
    Hi Bobby,
     
    I have tested the behavior in Okta and 2FA will work for Zendesk authentication on the page that is not setup as a default relay state.
     
    For example, I have setup my SSO to login while on subdomain.zendesk.com/agent. If my agent go to subdomain.zendesk.com/hc they have the option to use other sign in method that is available for the account. 2FA can still be used if Zendesk authentication is enabled.
     
    Hope this helps!
    0

Please sign in to leave a comment.

Powered by Zendesk