Two-factor authentication makes it difficult for somebody else to sign in as you. After you enter your password as usual, you'll be asked to enter a 6-digit passcode. You can get the passcode from a text message (SMS) or a two-factor authentication app installed on your mobile device.
An admin can require two-factor authentication for all agents and administrators, but the admin can't set it up for them. If it's required, you'll be prompted to set it up when you sign in. Even if it's not a requirement, you can still set up two-factor authentication for your own use.
Admins can refer to Managing two-factor authentication to learn about important considerations before turning on two-factor authentication.
This article covers the following topics:
Using a recovery code to regain access to your account
If you lose your phone or can't access your device, you can use one of your recovery codes to reaccess your account. Recovery codes are displayed once upon initial setup of two-factor authentication. When prompted for a passcode at sign-in, enter one of your recovery codes.
You can only use each code once. If you use up all your codes or can't find them, ask your Zendesk admin or account owner to get a recovery code for you.
Turning on two-factor authentication
If two-factor authentication isn't required, you can turn it on for your own use.
To turn on two-factor authentication
- In the Zendesk Support agent interface, click your user icon in the upper right and select View profile.
- Click the Security Settings tab.
- In the Two-factor Authentication section, click Manage.
- Click Set up 2FA.
- Click Next.
- Continue to the sections below, depending on how you'd like to receive passcodes:
Configuring an authenticator app or text messages to receive passcodes
You have the option to receive passcodes using a two-factor authentication app or through a text message.
Configuring an authenticator app
To use an authenticator app to receive passcodes, you must install a two-factor authentication app on your mobile device. Two-factor authentication apps include Google Authenticator, Authy, Symantec VIP, and Duo Mobile. The app displays a valid passcode on the opening screen. You typically get 30 seconds to use it before it expires, then the app displays a new passcode.
- Select Authenticator app in the Set up
two-factor authentication (2FA) dialog, then click
Next.
This dialog appears after turning on 2FA, or upon sign-in when 2FA is required.
You are directed to the Connect your 2FA method step.
- Start the two-factor authentication app on your
device, select the option to add an entry, and
point your device's camera at the QR code (the
blocky square) on the Zendesk dialog in your
browser window.
The mobile app might refer to this action as Scan Barcode.
The app should automatically scan the QR code and generate a passcode. If you have trouble scanning the QR code, you can manually enter the secret key that's provided. Scanning the barcode is a one-time-only step.
- Enter the 6-digit passcode generated by the app, then click Save.
- Click Copy recovery codes and save them in a safe location. If you lose your phone or can't get a passcode, you must use a recovery code to sign in.
From now on, when you sign in, you can get a valid passcode by simply opening a two-factor authentication app on your device. The app displays a valid passcode on the opening screen. The app doesn't need an internet connection to display valid passcodes.
Configuring text messages (SMS)
To configure text messages for two-factor authentication, make sure you include a phone number that is eligible to receive the transactional SMS messages. Some countries, such as India, have restrictions. For more information, see SMS Guidelines.
To configure text messages
- Select SMS in the Set up two-factor
authentication (2FA) dialog, then click
Next.
This dialog appears after turning on 2FA, or upon sign-in when 2FA is required.
- Enter a phone number that can receive text messages,
then click Send passcode.
A text message will be sent to the number shortly.
Note: The phone number must be in E.164 format. - Enter the 6-digit code sent to you, then click
Save.
SMS passcodes for 2FA are valid for 60 seconds.
- Click Copy recovery codes and save them in a safe location. If you lose your phone or can't get a passcode, you must use a recovery code to sign in.
From now on, when you sign in, you can get a valid passcode from a text message sent to your phone.
Changing how often you enter a passcode
By default, you only have to enter a passcode once every 30 days. You'll always be asked for a passcode when you sign in from a different device for the first time.
To enter a passcode every time you sign in, uncheck the Don't ask again on this computer for 30 days option on the dialog that prompts you for a passcode.
Turning off two-factor authentication
If two-factor authentication is not a requirement, but you turned it on anyway, you can turn it off.
- In the Zendesk Support agent interface, click your user icon in the upper right and select View profile.
- Click the Security Settings tab.
- In the Two-Factor Authentication section, click Manage.
- Click Turn off 2FA.
41 comments
Cheeny Aban
As of the moment, 2FA is configured per user account and it is not yet possible to deactivate 2FA for certain agents. Nonetheless, we encourage you to post feedback to your feedback section. We truly value customer feedback and your voice and votes on the product feedback topics in the community help influence future Zendesk functionality
0
James York
I am being billed for a support centre I shut down - but the 2FA number is blocking me logging in and checking. I don't have the phone it is attached to. It seems in order to reset it I have to.... login. Which I can't without 2FA. A doom loop - can someone help???
0
Audrey Ann Cipriano
Hi James York I'll create a ticket on your behalf so we can check on your account. You'll receive an email shortly. Talk to you there! :)
0
Brandon Quan
Hello
We use SSO that has its own MFA method is there a way to edit the profile link for 2FA to allow for our users to get to our SSO self-service page?
0
Joyce
Are you referring to the 2FA manage link below?
If so, I'm afraid that this link is not editable. The two-factor authentication on the profile page is dedicated to the standard Zendesk authentication.
0
Dana B
This is no longer an option for agents:
"After you're signed in, you can get another set of recovery codes from your user profile page as follows, as it asks to only change the way you receive recovery codes:
Please advise how an agent can download recovery codes ASAP as I am going on vacation and I want to remind the agents how to do this in advance.
Thank you
Dana
0
Dainne Kiara Lucena-Laxamana
Hi Dana B ,
At the moment, that's the only place where agents & admins can download their recovery codes. If they don't have access to their profile, the account owner or one of the admins can get a recovery code for them in their stead: Getting a recovery code for somebody else
0
Dana B
Thank you, Dainne Lucena
I would strongly encourage Zendesk to re-enable this. We have a 7 day a week support desk and there are no admin or owner of the account on the weekends. Agents should have the ability to download their own codes. Is there a reason for the change?
0
Vladislav Ilin
For some reason, there is no 2fa on my page. See below
0
Olivia Lasala
Hello,
Is it possible to make sure 2FA is only turned on for agents/admins and not end users? When checking the box to turn it on in the admin center (Security→Advanced→Authentication) , it's asking me to choose Session Expiration time for both admin/agents AND end users.
Does this indicate it will be turned on for both? How do I make sure this doesn't happen?
Thank you.
1
Rohit Kumar Singh
Don't have your phone?
You can always enter a recovery code in the box above.
0