Recent searches
No recent searches
2-Factor authentication for Enduser
Posted Feb 22, 2021
Hi Zendesk Support Team!
We are providing a support service Japanese Customers with Zendesk.
We would like to configure 2 factor authentication for not only Agents but also Endusers since many of our customers have their strict security policy.
We would appreciate it if you could consider adding this request to your future development plans.
21
35 comments
Official
Caroline Kello
Everyone, thanks for taking the time to write up this feedback and share your needs. It's not currently in our plans to enforce 2FA for end users, or to give Admins the ability to require it, but I've added this feedback to our internal board for tracking.
0
Emily Van Nostrand
We would also like this feature
4
Lisa Springall
Hi, this is something that we would like to see available within Zendesk.
We would benefit from this as we are concerned that if we are not notified of an end user leaving an organisation they will still be able to access Zendesk & guide more specifically & have access to materials they no longer should have access to.
If this could also be configured so that the authentication code was sent to the email address on the account, this would also assist with the security aspect, if it's only mobile & they use their personal mobile then they can always access the account even with 2FA.
6
Ryan Lemieux
This is something we would like to see added as our end users are within the cyber security/infosec space and we would like to add additional securities to their user accounts.
This should always be an available option when dealing with user accounts as sensitive information could be leaked to attackers/unauthenticated users if our end users mistakenly give up their password to an attacker.
3
Borgny Hageberg
Hi, this is a critical matter for us also! We really do not like that out end users accounts with sensitive information could be leaked to attackers. Today the best user-tools and systems offer simple "Turn on 2FA for your own safety", either forced or optional, and "A security code will be sent to your email address for Two-Factor Authentication (2FA) ". This is a simple and safe way to secure a user account. Today we naively trust that our communication with the customer is safe, but we do actually put our end users in jeopardy. We would like to hear from Zendesk about plans here.
4
Verizon Sourcing LLC
This is also critical for our end users. We need to enforce 2-factor authentication for all users.
3
Barkha Bhatia
Thanks everyone for the feedback - this feature is currently under consideration.
3
Frédéric Chofardet
Hello
The ZenDesk password policy (high level) is not corresponding to the PII European requirement and more other to the ones of my society.
So the 2FA activation for end users will be the solution to be a little bit more complaint to our expectation.
This speech just to pinpoint that this feature is essential for respecting the security plicy in used into many companies like mine.
So please consider this requirement as a critical one
Thx
Fred
4
Barkha Bhatia
Thanks Frédéric Chofardetr for your feedback, 2FA for end users is under consideration.
2
fooforge
To add another data point:
We would love to see 2FA for end-users happening as well and have seen interest in this by our users.
1
Frédéric Chofardet
Thx Barkha
Any idea about the chance this feature will be embeded into ZenDesK?
Thx
2
Chris Rose
We also need this feature as many of our clients work in compliance industries such as healthcare and government contracting. MFA is a pretty standard requirement for SaaS these days, especially ones that process, transmit and store data. Please add to roadmap!
2
Yossi Asayag
Hi, this is also to us a critical matter! Is there any update regarding adding this essential ability?
1
Frédéric Chofardet
Fully agree with Yossi, please speed up this feature for end users
Thx
2
Barkha Bhatia
Hi Everyone, Thank you so much for sharing your feedback and requests so far. Our team is in the process of understanding your needs on 2FA features at Zendesk. That said, we are planning a research study to talk about security needs including 2FA. You may sign up to see if you are an eligible participant for interviews conducted by our design and research team. The deadline to sign up is March 10, 2023.Sign up for research study
If not eligible or if the schedule does not work with yours, please let us know if you are interested in setting up a separate conversation directly with our team in a comment below.
0
Barkha Bhatia
2FA for end users is under consideration and is on our short term roadmap.
4
Frédéric Chofardet
Good morning Barkha
Very pleased to read this and thank you for your assistance :)
Do you have an idea about the scheduler?
Have a nice day and WE
1
Frédéric Chofardet
Hello
Any idea when it will be embeded into a new release?
Thx
1
David Melik
Years ago I requested users' ability (not being forced) to use multi-factor authentication (MFA) because there are ZenDesk instances that have personal identifying information (PII) and other sensitive/financial information so there's zero reason it shouldn't be behind MFA... as someone said, the current situation doesn't meet some security standards/regulations which really should be the case everywhere for the cases described. Users should be able to use MFA with email, phone (including automated voice) and authenticator programs (including desktop) and there shouldn't be some situation that phone such as text messages are forced rather than email.
4
K.S.
I agree 100% with David's comments above. It's overdue that MFA be offered on the end user side.
2
K.S.
Following up on this posting:
Any idea on a release date for this? Hoping this remains in the short term, because we know what John Maynard Keynes noted about the long run.
2
Stephen
+1 - this would be a great step forward for Zendesk. It would make securing how users access a Help Centre much more secure.
Ideally in multibrand accounts, having the ability to setup different login standards per Brand would be useful:
2
K.S.
Has there been any movement on this critical update?
0
Frédéric Chofardet
Hello
From the last info retrieved from my KAM, normally delivered this month...fingers crossed
1
Robert Forrest
Hi - Last March (2023) you indicated this is on Zendesk's short-term roadmap. Can you update please with some specific timeframes we can expect this please - e.g. Q3 2024 etc.
In order to provided the highest level of security to our customers as part of our ISO 27001 compliance we would very much like to see this feature as a priority for End User Authentication
Thanks
2
Frédéric Chofardet
Hello Robert
From the last info I had, it has been implemented BUT only on end user profile managed by the end-user into its UI (help center) :(
https://support.zendesk.com/hc/en-us/articles/6429382053530-Accessing-help-center-with-two-factor-authentication
I don't understand this choice as the end user can do what he wants....for ma it is not at all in relation with the securoity level we want to have on this UI access.
My KAM said it is planned in another version - end users' 2FA managed by the administrator and not by the end user itself.
Sometimes the DEV's logic seems to be without any logic at least :)
Have all a nice day
1
Kirsten Wilson
Hi everyone! Just wanted to post an update to let you know that 2FA for end users is now available. More information can be found here.
1
Chris Rose
Honestly what is the point in making this optional? What user ever has voluntarily turned on security. If this can't be enforced it's a pretty pointless feature in my opinion. Please expedite central enforcement/requirement of MFA for end users.
4
Gizelle Butler
Is Required MFA for end users on the roadmap for this year?
2
Robert Forrest
Thanks for the update Kirsten although having it as an end-user option strikes me as odd -we would be looking to enforce end-user MFA/2FA as an administrator or our ZD instance rather than leaving to end users to decide - as Chris says - I don't believe end users will voluntarily turn on security and even if most do it only takes 1 login to be compromised for that data (possibly for an entire organisation or User Segment) to be exposed. Please consider this as a priority for addition.
2