Two-factor authentication enhances security by adding an extra layer of protection, making it difficult for somebody else to sign in as you. When two-factor authentication is turned on, end users are asked to enter a passcode after entering their password when signing in. End users can get the passcode from a two-factor authentication app installed on their mobile device.
If two-factor authentication is required, you'll be prompted to set it up when you sign in. Even if it's not a requirement, you can still set it up for your own use.
If you're an agent, see Using two-factor authentication to sign in to Zendesk Support to learn how to turn on two-factor authentication in the Zendesk Support agent interface.
This article covers the following topics:
Turning on two-factor authentication
If two-factor authentication isn't required, you can turn it on for your own use.
- Click your profile icon on the upper-right side of any help center page, then click Profile to display your profile.
- Click Edit profile.
- Click Manage 2FA.
- Click Set up 2FA.
- Click Next.
- Continue to Configuring an authenticator app to receive passcodes to set up an authenticator app.
Configuring an authenticator app to receive passcodes
To use an authenticator app to receive passcodes, you must install a two-factor authentication app on your mobile device. Two-factor authentication apps include Google Authenticator, Authy, Symantec VIP, and Duo Mobile. The app displays a valid passcode on the opening screen. You typically get 30 seconds to use it before it expires, then the app displays a new passcode.
- The Set up two-factor authentication (2FA) page displays after turning on
2FA, or upon sign-in when 2FA is required. Click Next to confirm
you've installed an authenticator app on your mobile device.
You are directed to the Connect your 2FA method step.
- Start the two-factor authentication app on your device, select the option to
add an entry, and point your device's camera at the QR code (the blocky
square) on the Zendesk dialog in your browser window.
The mobile app might refer to this action as Scan Barcode.
The app should automatically scan the QR code and generate a passcode. If you have trouble scanning the QR code, you can manually enter the secret key that's provided. Scanning the barcode is a one-time-only step.
- Enter the 6-digit passcode generated by the app, then click Save.
- Click Copy recovery codes and save them in a safe location. If you lose your phone or can't get a passcode, you must use a recovery code to sign in.
From now on, when you sign in, you can get a valid passcode by simply opening a two-factor authentication app on your device. The app displays a valid passcode on the opening screen. The app doesn't need an internet connection to display valid passcodes.
Changing how often you enter a passcode
By default, you only have to enter a passcode once every 30 days. You'll always be asked for a passcode when you sign in from a different device for the first time.
To enter a passcode every time you sign in, uncheck the Don't ask again on this computer for 30 days option on the dialog that prompts you for a passcode.
Turning off two-factor authentication
If two-factor authentication is not a requirement, but you turned it on anyway, you can turn it off.
- Click your profile icon on the upper-right side of any help center page, then click Profile to display your profile.
- Click Edit profile.
- Click Manage 2FA.
- Click Turn off 2FA.
Using and getting more recovery codes
If you lose your phone or can't access your device, you can use one of your recovery codes to access your account again. When prompted for a passcode at sign-in, enter one of your recovery codes. You can only use each code once.
If two-factor authentication is required and you lost or used all of your recovery codes, you have lost access to your account. You must create a new account to regain access to help center.
If two-factor authentication is not required but you turned it on anyway, you can get another set of recovery codes from your user profile page by turning off two-factor authentication and then turning it on again.