• Ben Rohrs

    Jay, thanks for your feedback. We haven't heard many requests for this, so this is not currently on the roadmap, but if others desire this hopefully they will upvote this feedback.

    Have you considered using SSO integration with 2FA to provide this for your end-users?

  • Dennis Versteeg

    Our company has many external customers as endusers. And we're noticing that more and more are asking for 2FA on the end-user portal..

  • Edwin Yeoh

    I've upvoted this as well and been keeping an eye on this, but it doesn't appear to have moved. We too are getting more and more users requesting 2FA.

    The main reason we don't use SSO, is because we run a closed Zendesk, so we control over who gets an account as an authorised contact Hopefully there's an update and this doesn't go unnoticed?

  • Edwin Yeoh

    I was really hoping that something had been updated, but it looks like there's nothing further. I'm getting more and more requests for 2FA from my end users because there's a big push for it at the moment. Given that there's a push from Google with the Titan Security key, and/or Yubikeys, I've not yet been asked about these physical tokens, but the users of our Zendesk account are chomping at the bit to have at least Google 2FA so that they know no one can impersonate their login and start requesting changes on their behalf.


    Again, we can't use SSO because of the closed Zendesk. Surely there are more people wanting 2FA for their end users?

  • Max McCal

    Hi, Edwin & Others -

    This is definitely something we could look into. This definitely hasn't been a common ask from Zendesk users, but I think it makes perfect sense for some use cases. A few questions:

    • What's your relationship to your customer base? i.e. Are the internal to your organization, or is this a B2B or B2C arrangement?
    • Have you considered using an external authentication mechanism like JWT of SAML, and setting up a 2FA system through that? I see Edwin, you mentioned you don't use it now, but I'm not sure why a closed Zendesk precludes this. You should be able to control your SSO and manage your user base externally, depending on the option you choose.
    • What are you using for authentication?
  • Edwin Yeoh

    Hi Max,

    So currently our process is to create the user account on the closed system, and the user gets emailed their link to activate their account and set up a password. Because we're an MSP, the relationship is B2B and each organisation has its own set of authentication. A lot of our customers use Office365/ADFS but we do have the occasional org using Google.

    When I first set up Zendesk about 5 years ago, as far as I was aware, Google authentication made sense, but I found that even with a closed desk, accounts were being created (I don't know if that's the case now). Given that most of our businesses have moved to O365/ADFS however, SSO with Facebook/Twitter/Google doesn't seem like the correct options for us 5 years later

    We don't internally run any sort of directory service ourselves because we are mainly using Google services, so I don't think that SAML would work to authenticate our customer base (unless there's something I'm missing?)

    Plus it would be hard work attempting to hook into every customer's ADFS/SAML system as a new customer/business/organisation came on board and we only need to authenticate on average 3-5 authorised contacts.

    Whilst I think SSO _may_ be for a different conversation (although I'm sure it's related), given that our Admins have 2FA, it would be a no-brainer to be able to provide 2FA for our end users as well and would provide peace of mind given that we treat the ticket system as a place to log change requests, and we're relying on whoever is logged in to be "authorised" to request that change.


  • Max McCal

    Thanks, Edwin. That all makes sense. You would need to maintain another user system of your own to tie authentication to SAML or JWT, so that would involve some net new work on your part. There are lots of systems like that which also offer 2FA. 

    Obviously we'll consider 2FA for end-users, it's just a matter of figuring out the right time, and prioritizing it against a lot of other enhancements.


Please sign in to leave a comment.

Powered by Zendesk