Two-Factor Authentication

Two-factor authentication (2FA) enhances the security of your Zammad account by adding an extra layer of verification beyond a password. It requires you to provide two different types of authentication factors, typically something you know (like a password) and something you possess (like a mobile device or a security token), to ensure that you are an authorized individual who can access the account.

Two-Factor Authentication is an optional feature. Administrators can learn more here.

Set Up Two-Factor Authentication

If the system admin has enabled this feature, you can head to “Avatar > Profile > Password & Authentication” to set it up. Depending on the enabled two-factor methods, you may see one or more options in the table.

To set up a two-factor method, use the ⋮ Actions menu next to it and choose Set Up.

Set Up Two-Factor Method in Password & Authentication

In a modal dialog, you will be asked to confirm your current password.

Password Check Modal Dialog

Depending on the chosen two-factor method, you will be guided through the setup process, which includes specific steps.

Sign-in with a Two-Factor Method

When you set up two-factor authentication for your Zammad account, during the next sign-in you will be asked to provide the same two-factor method after entering correct username and password.

Depending on the chosen two-factor method, this may be a security code, hardware key, etc.

Trying Another Method

In case you are having issued during sign-in with your preferred two-factor authentication method, you can switch to another one, provided you have set it up previously.

Look for Try another method link below the sign in box. In case you don’t see this link, you probably have no other available two-factor methods set up, or your admin has disabled this feature.

Try Another Method Link

In the new screen, choose another two-factor authentication method and complete your sign-in.

Try Another Method

Alternatively, you can also use one of your recovery codes, which are auto-generated for your account during the initial setup of the two-factor authentication. Click on recovery codes, enter one of your unused recovery codes and click on Sign in.

Try Another Method

Warning

You can use a single recovery code only once! In case you exhaust the list of your recovery codes, it is recommended you regenerate them for your account.

Generate Recovery Codes

Recovery codes are one-time use security codes that can be used to sign in if you lose access to your other two-factor authentication methods. They can only be used as a backup method.

If the feature is enabled by the admin, recovery codes will be automatically generated for you during the setup of your initial two-factor authentication method.

You will be asked to print out or save the generated recovery codes in a safe place. Once used, a recovery code cannot be reused.

Recovery Codes Modal Dialog

You also have an option to regenerate your recovery codes at any time, which invalidates already existing recovery codes and provides you with a list of fresh codes. You can do this by clicking on Regenerate recovery codes button in “Avatar > Profile > Password & Authentication”.

Set a Two-Factor Method as Default

To set an already set up two-factor method as default, use the ⋮ Actions menu next to it in “Avatar > Profile > Password & Authentication” and choose Set as default.

Edit Two-Factor Method in Password & Authentication

In order to identify your current default two-factor authentication method, look for a small blue badge next to the method name.

A default two-factor authentication method is just your preferred method during the sign-in process. You will always have an option to try signing in using another method.

Edit a Two-Factor Method

To edit an already set up two-factor method, use the ⋮ Actions menu next to it in “Avatar > Profile > Password & Authentication” and choose Edit.

Edit Two-Factor Method in Password & Authentication

In a modal dialog, you will be asked to confirm your current password.

Depending on the chosen two-factor method, you will be guided again through the setup process. Normally, editing a method will simply renew it and replace the older setup, but some methods do support advanced functions (e.g. adding multiple security keys).

Remove a Two-Factor Method

To remove an already set up two-factor method, use the ⋮ Actions menu next to it in “Avatar > Profile > Password & Authentication” and choose Remove.

Remove Two-Factor Method in Password & Authentication

In a modal dialog, you will be asked to confirm the removal with your current password.

Requirement to Set Up a Two-Factor Method

Your system admin may choose to require you to set up at least one two-factor method for your account. In this case, if you haven’t already set up a method, you will be asked to do so at your next sign-in or application reload.

Remove Two-Factor Method in Password & Authentication

Choose a method of your choice, and then follow its setup guide.

Warning

If you are required to set up a two-factor authentication for your account, this will be a mandatory action. You will not be able to use Zammad until you set up at least one method.