2-Factor authentication for Enduser

回答済み

30 コメント

  • Caroline Kello
    Zendesk Product Manager

    Hi! Thanks for taking the time to write up this feedback. It's not currently in our plans to enforce 2FA for End users but I've added this feedback to our internal board for tracking. 

    -1
  • Emily Van Nostrand

    We would also like this feature

    4
  • Lisa Springall

    Hi, this is something that we would like to see available within Zendesk.

    We would benefit from this as we are concerned that if we are not notified of an end user leaving an organisation they will still be able to access Zendesk & guide more specifically & have access to materials they no longer should have access to.

    If this could also be configured so that the authentication code was sent to the email address on the account, this would also assist with the security aspect, if it's only mobile & they use their personal mobile then they can always access the account even with 2FA.

    6
  • Ryan Lemieux

    This is something we would like to see added as our end users are within the cyber security/infosec space and we would like to add additional securities to their user accounts. 

     

    This should always be an available option when dealing with user accounts as sensitive information could be leaked to attackers/unauthenticated users if our end users mistakenly give up their password to an attacker.

    3
  • Borgny Hageberg

    Hi, this is a critical matter for us also! We really do not like that out end users accounts with sensitive information could be leaked to attackers. Today the best user-tools and systems offer simple "Turn on 2FA for your own safety", either forced or optional, and "A security code will be sent to your email address for Two-Factor Authentication (2FA) ". This is a simple and safe way to secure a user account. Today we naively trust that our communication with the customer is safe, but we do actually put our end users in jeopardy. We would like to hear from Zendesk about plans here.

    4
  • Verizon Sourcing LLC

    This is also critical for our end users.  We need to enforce 2-factor authentication for all users.

    3
  • Barkha Bhatia
    Zendesk Product Manager

    Thanks everyone for the feedback - this feature is currently under consideration.

    3
  • Frédéric Chofardet

    Hello

    The ZenDesk password policy (high level) is not corresponding to the PII European requirement and more other to the ones of my society.

    So the 2FA activation for end users will be the solution to be a little bit more complaint to our expectation.

    This speech just to pinpoint that this feature is essential for respecting the security plicy in used into many companies like mine.

     

    So please consider this requirement as a critical one

    Thx

    Fred

     

    4
  • Barkha Bhatia
    Zendesk Product Manager

    Thanks Frédéric Chofardetr for your feedback, 2FA for end users is under consideration. 

    2
  • fooforge

    To add another data point:
    We would love to see 2FA for end-users happening as well and have seen interest in this by our users.

    1
  • Frédéric Chofardet

    Thx Barkha

    Any idea about the chance this feature will be embeded into ZenDesK?

    Thx

    2
  • Chris Rose

    We also need this feature as many of our clients work in compliance industries such as healthcare and government contracting. MFA is a pretty standard requirement for SaaS these days, especially ones that process, transmit and store data. Please add to roadmap!

    2
  • Yossi Asayag

    Hi, this is also to us a critical matter! Is there any update regarding adding this essential ability?

    1
  • Frédéric Chofardet

    Fully agree with Yossi, please speed up this feature for end users

    Thx

    2
  • Barkha Bhatia
    Zendesk Product Manager

    Hi Everyone, Thank you so much for sharing your feedback and requests so far. Our team is in the process of understanding your needs on 2FA features at Zendesk. That said, we are planning a research study to talk about security needs including 2FA. You may sign up to see if you are an eligible participant for interviews conducted by our design and research team. The deadline to sign up is March 10, 2023.Sign up for research study

    If not eligible or if the schedule does not work with yours, please let us know if you are interested in setting up a separate conversation directly with our team in a comment below.

    0
  • Barkha Bhatia
    Zendesk Product Manager

    2FA for end users is under consideration and is on our short term roadmap.

    4
  • Frédéric Chofardet

    Good morning Barkha

    Very pleased to read this and thank you for your assistance :)

    Do you have an idea about the scheduler?

    Have a nice day and WE

    1
  • Frédéric Chofardet

    Hello

    Any idea when it will be embeded into a new release?

    Thx

    1
  • David Melik

    Years ago I requested users' ability (not being forced) to use multi-factor authentication (MFA) because there are ZenDesk instances that have personal identifying information (PII) and other sensitive/financial information so there's zero reason it shouldn't be behind MFA... as someone said, the current situation doesn't meet some security standards/regulations which really should be the case everywhere for the cases described.  Users should be able to use MFA with email, phone (including automated voice) and authenticator programs (including desktop) and there shouldn't be some situation that phone such as text messages are forced rather than email.

    4
  • Stan Kutzko

    I agree 100% with David's comments above.  It's overdue that MFA be offered on the end user side.  

    2
  • Stan Kutzko

    Following up on this posting:

    Barkha Bhatia
    March 9, 2023
    Zendesk Product Manager
    2FA for end users is under consideration and is on our short term roadmap.

    Any idea on a release date for this? Hoping this remains in the short term, because we know what John Maynard Keynes noted about the long run. 

    2
  • Stephen

    +1 - this would be a great step forward for Zendesk. It would make securing how users access a Help Centre much more secure.

    Ideally in multibrand accounts, having the ability to setup different login standards per Brand would be useful:

    • Standard login (password only)
    • 2FA optional (end-user can decide if they want to use 2FA)
    • 2FA required (end-user is required to use 2FA)
    1
  • Stan Kutzko

    Has there been any movement on this critical update?

    0
  • Frédéric Chofardet

    Hello

    From the last info retrieved from my KAM, normally delivered this month...fingers crossed

    1
  • Robert Forrest

    Hi - Last March (2023) you indicated this is on Zendesk's short-term roadmap. Can you update please with some specific timeframes we can expect this please - e.g. Q3 2024 etc.

    In order to provided the highest level of security to our customers as part of our ISO 27001 compliance we would very much like to see this feature as a priority for End User Authentication

    Thanks

    2
  • Frédéric Chofardet

    Hello Robert

    From the last info I had, it has been implemented BUT only on end user profile managed by the end-user into its UI (help center) :(

    https://support.zendesk.com/hc/en-us/articles/6429382053530-Accessing-help-center-with-two-factor-authentication

    I don't understand this choice as the end user can do what he wants....for ma it is not at all in relation with the securoity level we want to have on this UI access.

    My KAM said it is planned in another version - end users' 2FA managed by the administrator and not by the end user itself.

    Sometimes the DEV's logic seems to be without any logic at least :)

    Have all a nice day

    0
  • Kirsten Wilson
    Zendesk Product Manager

    Hi everyone! Just wanted to post an update to let you know that 2FA for end users is now available. More information can be found here

    1
  • Chris Rose

    Honestly what is the point in making this optional? What user ever has voluntarily turned on security. If this can't be enforced it's a pretty pointless feature in my opinion. Please expedite central enforcement/requirement of MFA for end users.

    4
  • Gizelle Butler

    Is Required MFA for end users on the roadmap for this year?

    2
  • Robert Forrest

    Thanks for the update Kirsten although having it as an end-user option strikes me as odd -we would be looking to enforce end-user MFA/2FA as an administrator or our ZD instance rather than leaving to end users to decide - as Chris says - I don't believe end users will voluntarily turn on security and even if most do it only takes 1 login to be compromised for that data (possibly for an entire organisation or User Segment) to be exposed. Please consider this as a priority for addition.

    2

サインインしてコメントを残してください。

Powered by Zendesk