If you sign in to Zendesk using standard Zendesk authentication, you can turn on two-factor authentication. Two-factor authentication makes it difficult for somebody else to sign in as you. After you enter your password as usual, you'll be asked to enter a 6-digit passcode. You can get the passcode from a text message (SMS) or a two-factor authentication app installed on your mobile device.
If you want to get your passcodes from a two-factor authentication app, install one on your mobile device before turning on two-factor authentication in Zendesk Support. Two-factor authentication apps include Google Authenticator, Authy, Symantec VIP, and Duo Mobile. The app displays a valid passcode on the opening screen. You typically get 30 seconds to use it before it expires, then the app displays a new passcode.
By default, you only have to enter a passcode once every 30 days. You can choose to enter a passcode every time you sign in.
An admin can require two-factor authentication for all agents and administrators, but the admin can't set it up for them. You'll need to set it up the next time you sign in, as described in Turning on two-factor authentication. Even if it's not a requirement, you can still set up two-factor authentication for your own use.
Admins can refer to Managing two-factor authentication for agents and admins to learn about important considerations before turning on two-factor authentication.
This article covers the following topics:
Using a recovery code to regain access to your account
If you lose your phone or can't access your device, you can use one of your recovery codes to reaccess your account. Recovery codes were displayed once upon initial setup of two-factor authentication. When prompted for a passcode at sign-in, enter one of your recovery codes.
You can only use each code once. If you use up all your codes or can't find them, ask your Zendesk admin or account owner to get a recovery code for you.
Turning on two-factor authentication
- In the Zendesk Support agent interface, click your user icon in the upper right and select View profile.
- Click the Security Settings tab.
- In the Two-Factor Authentication section, click Manage.
- Click Set up 2FA.
A dialog appears with two options to get the passcodes.
- Depending on how you want to get your passcodes when you sign in, select Authenticator app or SMS, then click Next.
- Follow the onscreen instructions to set up two-factor
authentication. For more information, see:
Configuring a two-factor authentication app
Make sure a two-factor authentication app is installed on your mobile device. Examples include Google Authenticator, Authy, Symantec VIP, and Duo Mobile.
- If not already done, choose Authenticator
app in the Set up two-factor authentication
(2FA) dialog in Turning on two-factor authentication, then click
Next.
You are directed to the Connect your 2FA method step.
- Start the two-factor authentication app on your
device, select the option to add an entry, and
point your device's camera at the QR code (the
blocky square) on the Zendesk dialog in your
browser window.
The mobile app might refer to this action as Scan Barcode.
The app should automatically scan the QR code and generate a passcode. If you have trouble scanning the QR code, you can manually enter the secret key that's provided.
Note: Scanning the barcode is a one-time-only step. - Enter the 6-digit passcode generated by the app, then click Save.
- Click Copy recovery codes and save them in a safe location. If you lose your phone or can't get a passcode, you must use a recovery code to sign in. See Using and getting more recovery codes.
From now on, when you sign in, you can get a valid passcode by simply opening a two-factor authentication app on your device. The app displays a valid passcode on the opening screen. You typically get 30 seconds to use it before it expires, then the app displays a new passcode.
The app doesn't need an Internet connection to display valid passcodes.
Configuring text messages (SMS)
- If not already done, choose SMS in the Set up two-factor authentication (2FA) dialog in Turning on two-factor authentication, then click Next.
- Enter a phone number that can receive text messages,
then click Send passcode.
A text message will be sent to the number shortly.
Note: The phone number must be in E.164 format. - Enter the 6-digit code sent to you, then click
Save.
SMS passcodes for 2FA are valid for 60 seconds.
- Click Copy recovery codes and save them in a safe location. If you lose your phone or can't get a passcode, you must use a recovery code to sign in. See Using and getting more recovery codes.
From now on, when you sign in, you can get a valid passcode from a text message sent to your phone.
Changing how often you enter a passcode
By default, you only have to enter a passcode once every 30 days. You'll always be asked for a passcode when you sign in from a different device for the first time.
To enter a passcode every time you sign in, uncheck the Don't ask again on this computer for 30 days option on the dialog that prompts you for a passcode:
Turning off two-factor authentication
If two-factor authentication is not a requirement, but you turned it on anyway, you can turn it off.
- In the Zendesk Support agent interface, click your user icon in the upper right and select View profile.
- Click the Security Settings tab.
- In the Two-Factor Authentication section, click Manage.
- Click Turn off 2FA.