9 Comments

  • Ben Rohrs

    Jay, thanks for your feedback. We haven't heard many requests for this, so this is not currently on the roadmap, but if others desire this hopefully they will upvote this feedback.

    Have you considered using SSO integration with 2FA to provide this for your end-users?

    0
  • Dennis Versteeg

    Our company has many external customers as end users. And we're noticing that more and more are asking for 2FA on the end-user portal.

    2
  • Edwin Yeoh

    I've upvoted this as well and been keeping an eye on this, but it doesn't appear to have moved. We too are getting more and more users requesting 2FA.

    The main reason we don't use SSO is because we run a closed Zendesk, so we control who gets an account as an authorised contact. Hopefully there's an update and this doesn't go unnoticed?

    0
  • Edwin Yeoh

    I was really hoping that something had been updated, but it looks like there's nothing further. I'm getting more and more requests for 2FA from my end users because there's a big push for it at the moment. Given that there's a push from Google with the Titan Security key, and/or Yubikeys, I've not yet been asked about these physical tokens, but the users of our Zendesk account are chomping at the bit to have at least Google 2FA so that they know no one can impersonate their login and start requesting changes on their behalf.

     

    Again, we can't use SSO because of the closed Zendesk. Surely there are more people wanting 2FA for their end users?

    0
  • Max McCal

    Hi, Edwin & Others -

    This is definitely something we could look into. This definitely hasn't been a common ask from Zendesk users, but I think it makes perfect sense for some use cases. A few questions:

    • What's your relationship to your customer base? i.e. Are they internal to your organization, or is this a B2B or B2C arrangement?
    • Have you considered using an external authentication mechanism like JWT or SAML, and setting up a 2FA system through that? I see Edwin, you mentioned you don't use it now, but I'm not sure why a closed Zendesk precludes this. You should be able to control your SSO and manage your user base externally, depending on the option you choose.
    • What are you using for authentication?
    0
  • Edwin Yeoh

    Hi Max,

    So currently our process is to create the user account on the closed system, and the user gets emailed their link to activate their account and set up a password. Because we're an MSP, the relationship is B2B and each organisation has its own set of authentication. A lot of our customers use Office365/ADFS but we do have the occasional org using Google.

    When I first set up Zendesk about 5 years ago, as far as I was aware, Google authentication made sense, but I found that even with a closed desk, accounts were being created (I don't know if that's the case now). Given that most of our businesses have moved to O365/ADFS however, SSO with Facebook/Twitter/Google doesn't seem like the correct option for us 5 years later.

    We don't internally run any sort of directory service ourselves because we are mainly using Google services, so I don't think that SAML would work to authenticate our customer base (unless there's something I'm missing?)

    Plus it would be hard work attempting to hook into every customer's ADFS/SAML system as a new customer/business/organisation came on board and we only need to authenticate on average 3-5 authorised contacts.

    Whilst I think SSO _may_ be for a different conversation (although I'm sure it's related), given that our Admins have 2FA, it would be a no-brainer to be able to provide 2FA for our end users as well and would provide peace of mind given that we treat the ticket system as a place to log change requests, and we're relying on whoever is logged in to be "authorised" to request that change.

     

    0
  • Max McCal

    Thanks, Edwin. That all makes sense. You would need to maintain another user system of your own to tie authentication to SAML or JWT, so that would involve some net new work on your part. There are lots of systems like that which also offer 2FA. 

    Obviously we'll consider 2FA for end-users, it's just a matter of figuring out the right time, and prioritizing it against a lot of other enhancements.

    0
  • R Benjamin

    Hello,

    I am a user of an online trading platform that employs Zendesk, and they are using it to request sensitive financial and personal data for KYC/AML compliance reasons from their customers.

    I am hesitant to supply personal data via their Zendesk installation, in part because they do not offer 2FA authentication, and that has led me here.

    They say that 2 Factor Authentication is not supported by Zendesk for user accounts -- Is this still true? Or, would it be a relatively simple matter of them activating SSO to offer 2FA via Google/Facebook?

    More broadly - my prior understanding was that Zendesk was a "helpdesk" platform, so I'd also like to know if Zendesk have any stance as to whether Zendesk is a suitable platform for a company to be requesting/collecting sensitive financial and personal data from customers?

    0
  • Edwin Yeoh

    That's correct. It appears that Zendesk STILL hasn't implemented 2FA for user accounts. Only Agent. If you have the ability to activate SSO, I would certainly go ahead and use that path, but I suspect that if you're in the same boat that I am, you wouldn't want to allow users to log in via "facebook".

     

    To give you an example of the business I work for, we use it to collect sensitive data such as customer certificates and private keys and passwords, and we are confident that if locked down correctly (not allowing customers to email in - which doesn't appear to be a function you can turn off), it can be run in a mode where you can collect personal data without too much problem. Zendesk do also have certifications such as ISO27001 which you may like to look into - Disclaimer: I don't work for Zendesk, but I've done due diligence.

     

    But we are sorely lacking the 2FA for our end users because we can't activate other SSO login mechanisms. 

     

    0
