Using two-factor authentication to sign in to Zendesk Support

Return to top

31 Comments

  • PAUL STRAUSS

    If an agent's phone number changes, how can I change it so they continue to receive the SMS 2FA codes?

    0
  • Wilfred Kaw

    Hello @pstrauss,

    An Agent can make this change in their own profile by following this process:

    1) Select the Admin gear icon on the lefthand side of your Zendesk Support and choose People.
    2) Search your own name and select edit.
    3) Then select the 'Security settings' tab.
    4) Once there, choose 'Edit' under 'Two-Factor Authentication'
    5) Select Use SMS, and you'll be able to update the Two-Factor Authentication number.

    You can learn more about Managing 2-factor authentication here:

    Managing 2-factor authentication

    -1
  • Lee Jones

    If 2FA is already enabled, but set to SMS, is there a way to switch only selected users to "use mobile app" or is this a global setting.  If it is switched over to "use mobile app"  would it force the users to register the app on next log on, or simply provide an option.

    Thanks

    0
  • Juraj Jarmek

    Hello @...,

    Please note it is possible to have only one 2FA method, either SMS or the mobile app, not both.

    The agents need to specify which they want to use themselves when setting up their 2FA.

    If the 2FA method is switched from one to the other, the next time the agent signs on they would be forced to use that method.

    Whatever the method, when the agent chooses the method, they will either have to scan the QR code with the mobile app, or provide a telephone number in their profile for the SMS.

    Hope that clarifies!

    1
  • Jeffery Birks

    Given you already support google authenticator then there is a hardware token that can be used with zendesk - you can use a safeid/diamond token;

    https://deepnetsecurity.com/authenticators/one-time-password/safeid/

    The token is a programmable token so would be seeded using the same QR code you use when seeding the google authenticator app (you use an app on your phone or PC to program the token via NFC).  Once programmed it generates the same OTP codes the google authenticator produces but is then a fully independent and self-powered device.

    0
  • Dave Dyson

    Thanks, Jeffrey!

    0
  • Azaliya Sharipova

    Hello,

    I cannot log in to my Zendesk account (email asharipova@cloudlinux.com) because of the 2FA. I don't receive a message with a code, and the code from apps is not working. Can you please disable 2FA in my account or help me with a code?

    0
  • Jeff C
    Zendesk Customer Care

    Hello Azaliya,

    Sorry about the trouble however Zendesk does not have the capability to disable 2FA on your account or provide you with a code unless there is no one else who is able to do it for you. 

    We suggest reaching out to any of the admins in your Support instance for assistance in this matter.

    0
  • David Melik

    End-users need this also; extremely poor/insecure/unsafe design.

    2
  • mfg

    I'd like to roll this out to our users, but I'm unclear what that would look like once I enable 2FA.. Could you explain how the users configure their phone number? Once rolled out, if they don't already have one, will they be prompted or sent an email to add a phone number?

    0
  • Dane
    Zendesk Engineering
    Hi mfg,
     
    The behavior when you enable 2FA is discussed in Enabling 2-Factor Authentication. Once your agent logs in, they will be prompted to enable it by mobile app or SMS.
     
    Hope this helps!
    0
  • Matt Newnham

    I would like to request that 2FA be required on every log in. This is a security requirement from a government agency.

    2
  • Stan Kutzko

    The topic notes "2-factor authentication apps include Google Authenticator, Authy, Symantec VIP, and Duo Mobile."  Can Microsoft Authenticator be used?  

    0
  • Dainne Lucena
    Zendesk Customer Care

    Hi Stan Kutzko

    Yes, Microsoft Authenticator can be used. Those are just the commonly used authenticators. 

    1
  • Ronald Lantong

    Hello Dainne Lucena

    I'm having trouble logging in; it says the authentication code is invalid even when I enter the code displayed in Google authentication via my mobile phone. I even tried a recovery code, but it didn't work. Please assist. Thanks!

    0
  • Sravanthi Muppavarapu

    Hello Team, 

    Does 2FA prompt for an approval when someone is logging through API? 

    0
  • Sabra
    Zendesk Customer Care

    Hey Sravanthi Muppavarapu! If a user has 2FA enabled and attempts to use basic authentication (email/password) to authenticate their API call, there will not be a prompt for 2FA. Instead, the API call will fail with a 401 error due to 2FA being enabled. To successfully make API calls with 2FA enabled, we recommend one of the other authentication methods listed here: Security and authentication

    0
  • Stan Kutzko

    Can two factor authentication be used for user access?  If not today, does Zendesk plan to offer this as an option?

    0
  • Darenne
    Zendesk Customer Care

    Hi Stan Kutzko

    When you say 2FA for user access, did you mean as a standard Zendesk sign-in? If so, I don't think this is an option yet as 2FA is a  security system that requires two separate, distinct forms of identification in order to access the account and this is only used for another layer of security for your agents/admins. 

    I can mark this as feedback so our dev/product team can check and evaluate this! However, I'd like to manage your expectations that we can't provide an exact ETA but if there's an update about this, all our customers will be able to get about a new feature.

    On the other hand, if this is not what you're referring to, kindly please provide us with more information about what you're trying to achieve so we can provide an accurate response.

    0
  • Stan Kutzko

    Hi Darenne,

    We are looking for additional security when our users (end user consumer) signs in to our help desk.  Ideally, we'd like to see both the following authentication options:

    • Email verification code to email address on file;
    • Text a code to their cell phone number on file, or;
    • Allow them to use an authenticator such as Google Authenticator, Authy, Symantec VIP, Duo Mobile or Microsoft Authenticator.

    Since this is an end-user allowing them multiple options to authenticate would be crucial to a good user experience.  Thanks!

    0
  • Darenne
    Zendesk Customer Care

    Hi Stan Kutzko

    Thanks for the clarification. At this time, unfortunately, we don't support this feature. I've taken a look and found that other users are discussing similar needs here: https://support.zendesk.com/hc/en-us/community/posts/4408860744346 

    You can up-vote that original post and add your detailed use case to the conversation. Threads with a high level of engagement ultimately get flagged for product managers to review when they go through roadmap planning.

    Specific examples, details about impact, and how you currently handle things are the most helpful things to share to help our product teams understand the full scope of the need when working on solutions. We truly value customer feedback and your voice and votes on the product feedback topics in the community help influence future Zendesk functionality.

    0
  • Aaron Peace

    It looks like there is an important section of this article missing.

    Quote:

    An admin can require 2-factor authentication for all agents and administrators, but the admin can't set it up for them. You'll need to set it up the next time you sign in, as described in Enabling 2-factor authentication below. Even if it's not a requirement, you can still set up 2-factor authentication for your own use.

    If you are wanting to force all ZenDesk Agents to set up 2FA when they next log in, the ability to do so is referenced but never elaborated on. Please, find the option following the path below: 

    Admin Center > Security: Advanced > Authentication > Require two-factor authentication (2FA): Require all team members to use 2FA when they sign in to Zendesk.

    I believe there is a separate article that again goes unreferenced here:
    https://support.zendesk.com/hc/en-us/articles/4408826974874

    0
  • Isobel M

    As per security best practises we'd like to make it so that our team can only set up using an authenticator and not a mobile. Is this something that's possible, or is it on the security roadmap?

    0
  • Jennifer Gillespie

    How does enabling 2 -factor authentication impact Webhooks?

    0
  • Joyce
    Zendesk Customer Care
    Hi Isobel,
     
    Enabling 2-factor authentication will require the use of mobile devices. I'm afraid that there's currently no option to solely use an authenticator alone. I encourage you to create a new post in the General Product Feedback topic in our community to engage with other users who have similar needs and discuss possible workarounds. Conversations with a high level of engagement ultimately get flagged for product managers to review when they go through roadmap planning.
    0
  • Joyce
    Zendesk Customer Care
    Hi Jennifer,
     
    Enabling 2-factor authentication should not have an impact with Webhooks. If your Webhooks uses API token that are generated from the Admin Center, those tokens are not used in 2-factor authentication. In addition, this should also not have any impact with Webhooks using basic authentication (username/password)
    0
  • Steve Lacoss

    If your webhooks uses basic authentication, you will have to update them to API token or Oauth when setting to require 2FA. This article explains the details.

    https://developer.zendesk.com/documentation/ticketing/using-the-zendesk-api/using-the-api-with-2-factor-authentication-enabled/

    0
  • Divya Moryani

    Hello! I had set it up, however when I enter my 2FA from Authentication App i get "Re-enter the passcode and try again" error. Im not able to login to Zendesk,

    Haven't changed my number also, Please help here. 

    0
  • Brett Bowser
    Zendesk Community Manager
    Hey Divya,

    I'm going to create a ticket on your behalf so our Customer Care team can look into this further with you.
     
    You'll receive an email shortly stating your ticket has been created.
     
    Cheers!
    0
  • Yen Nhi

    Hello!
    We currently have the 2FA activated for all agents. Is it possible to deactivate it for certain agents? As this option does not work if the 2FA is activated:

    1. In the Zendesk Support agent interface, click your user icon in the upper right and select View profile.
    2. Click the Security Settings tab.
    3. In the Two-Factor Authentication section, click Manage.
    4. Click Turn off 2FA.

    Is there another way to turn it off for specific agents? Thanks a lot!

    0

Please sign in to leave a comment.

Powered by Zendesk