Summary: We're excited to announce the launch of a new security feature in Ziflow - Two-Factor Authentication (2FA).
In addition to the usual username and password, users must also provide a unique code generated by an authenticator app.
Available for: all Ziflow editions.
Enabling Two-Factor Authentication (2FA) in your account
2FA is turned on by default for all Ziflow customers. Each Ziflow user can decide whether to use 2FA or a trusted device when signing in to Ziflow.
For Enterprise edition customers, we have an account setting that will allow Ziflow admins to control whether the 2FA/trusted device is required for their users.
Supported methods of 2FA
Currently, Ziflow users can choose from four different applications when setting up 2FA. Users decide which app to install on their mobile devices to start using 2FA. Here's a list of currently supported authentication apps:
Duo Mobile (Android & iOS)
How does it work?
Ziflow allows all Enterprise users to set up 2FA. Users can open their profile and then configure the app used for two-factor authentication.
To enable 2FA, go to your Ziflow profile settings and click on the Configure button.
During this process, you'll be asked to give your Ziflow password, and after confirming it, you can set up your authentication app.
Read detailed instructions on how to set up authentication and sign in to Ziflow using 2FA:
Authy
To start using 2FA, please open the Authy app installed on your device and continue with the following steps:
First, provide your country code and phone number.
Then, verify your account by selecting one of the options (Authy on another device, WhatsApp message, SMS message, voice call).
Next, enter the provided code in the Authy app.
Finally, accept adding a new device to your Authy account.
Once the Authy app is ready (linked with your device), you can connect your Ziflow account with Authy to start using 2FA.
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
In Authy, please tap the … (menu) icon in the upper right corner and then select Add Account.
Tap the desired option, and follow the prompts:
- Scan QR Code: Use this option to scan a QR code with your device's camera.
- Enter key manually: Use this option to type a token code on your device manually.
Select the icon (if desired), enter an account name, then tap Save.
You'll now see a new 2FA code for this account in Authy. Please enter this code on your account page and submit it in Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Authy app.
If you need more information about setting up and using Authy 2FA, we recommend reading Authy's guide.
Google Authenticator
To start using 2FA, please open the Google Authenticator app installed on your device and continue with the following steps:
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
Scan the QR code using a Google Authenticator app or enter the code from Ziflow directly in the app.
Confirm adding a new account in Google Authenticator by pressing the Add Account button.
After adding Ziflow to Google Authenticator, you can link both by entering the generated token into Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Google Authenticator app.
If you need more information about setting up and using Google 2FA, we recommend reading Google Help for 2-Step Verification.
Duo Mobile
To start using 2FA, please open the Duo Mobile app installed on your device and continue with the following steps:
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
Scan the QR code using your Duo Mobile app, or manually enter the activation code from Ziflow into the app.
Confirm adding a new account in Duo Mobile by naming your account and then pressing the Save button.
You can also back up your Duo account to Google Drive. This step is optional; use it only if you'd like a backup of your data in case you lose access to your device.
After adding Ziflow to Duo Mobile, you can link both by entering the generated token into Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Duo Mobile app.
Check this article if you need more information about setting up and using Duo Mobile 2FA.
Microsoft Authenticator
To start using 2FA, please open the Microsoft Authenticator app installed on your device and continue with the following steps:
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
Scan the QR code using a Microsoft Authenticator app or enter the activation code from Ziflow directly in the app.
After adding Ziflow to Microsoft Authenticator, you can link both by entering the generated token into Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Microsoft Authenticator app.
If you need more information about setting up and using Microsoft Authenticator 2FA, we recommend reading the Sign in using two-step verification or security info.
Trusted device
A commonly used practice with 2FA is to designate a trusted device. A trusted device is a device that you designate as secure and authorized to access your account without needing to provide a security token while working inside Ziflow.
This guide provides an overview of the trusted device feature and explains how to set it up for two-factor authentication.
What is a Trusted Device?
This is a device that you usually use while working in Ziflow. When you designate your device (PC, notebook, or mobile device) as trusted, you won’t be asked for a verification code for the next 30 days.
Why Use a Trusted Device?
By skipping the need to enter a security token, accessing Ziflow is faster. However, 2FA is still in place to secure account access.
Setting up a Trusted Device:
To set up a trusted device, you need to enable this option while signing in to your account.
Please note that the trusted device option is only available for accounts with 2FA enabled.
If the option to trust your device for 30 days isn't visible, contact your Ziflow administrator, as it may be disabled in the account settings.
Managing Trusted Devices:
Under your Ziflow profile settings, you can find a Two-factor Authentication menu where you can manage the authentication process. There is also an option to control your trusted devices.
You can remove or modify trusted devices in your account settings if needed.
When you add a trusted device, you will receive an email confirmation to ensure the account owner is aware of such action.
Regularly review your trusted devices list to ensure that only authorized devices have access to your accounts.
Considerations and Best Practices:
The trusted device will automatically expire 30 days after the last 2FA sign-in or after a seven-day inactivity period, whichever comes first. After the trusted device expires, you'll need to re-authenticate using the 2FA access token.
If you're a user in multiple Ziflow accounts and even one of them has two-factor authentication required, you'll be forced to authenticate with 2FA.
The same applies to the trusted device setting. If it is disabled on a single account you belong to, it won't be available while signing in to other Ziflow tenants.
We have these policies in place to ensure that the security of Ziflow access is always maintained at the highest level.
The rules above do not apply if your organization uses Trusted (Hub/Satellite) Accounts. Please note that 2FA and trusted device settings respect the trust relationships between trusted accounts.
This means that if your primary tenant doesn't require 2FA but another tenant has enabled it, and the secondary tenant trusts your primary tenant, then you won't be asked to authenticate with 2FA.
Always choose devices that you trust and have control over when designating them as trusted devices.
Keep your trusted devices secure and protected with strong passcodes or biometric authentication.
Be cautious when using public or shared devices, as they may not be secure for 2FA authentication.
By following the steps outlined in this guide, you can enhance the security of your account by utilizing trusted devices for 2FA authentication. Remember to keep your trusted devices secure and periodically review your trusted devices list to maintain a high level of account security.
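The expiry and multi-account rules described above can be modelled as follows. This is an added example, not Ziflow's code: the `Tenant` fields, the `trusts_primary` flag, the strict `<` boundary on both windows, and the reading that a tenant trusting the primary defers to the primary's settings are assumptions taken from the wording of this guide.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

TRUST_WINDOW = timedelta(days=30)      # counted from the last 2FA sign-in
INACTIVITY_WINDOW = timedelta(days=7)  # counted from the device's last activity


@dataclass
class Tenant:
    name: str
    requires_2fa: bool
    allows_trusted_device: bool
    trusts_primary: bool = False  # assumed flag for a Hub/Satellite trust link


def device_trust_valid(last_2fa_signin, last_activity, now):
    """Trust lapses at whichever limit is reached first (boundary is assumed)."""
    return (now - last_2fa_signin < TRUST_WINDOW
            and now - last_activity < INACTIVITY_WINDOW)


def effective_policy(primary, others):
    """Return (2FA required, trusted device offered) across all memberships."""
    # Assumption: a tenant that trusts the primary defers to the primary's settings.
    counted = [primary] + [t for t in others if not t.trusts_primary]
    required = any(t.requires_2fa for t in counted)
    trusted_offered = all(t.allows_trusted_device for t in counted)
    return required, trusted_offered


def skips_code_prompt(primary, others, last_2fa_signin, last_activity, now):
    """True when a previously trusted device may sign in without a token."""
    _, trusted_offered = effective_policy(primary, others)
    return trusted_offered and device_trust_valid(last_2fa_signin, last_activity, now)


if __name__ == "__main__":
    # Constructed sample data, not real Ziflow tenants.
    now = datetime(2024, 3, 31, 12, 0)
    home = Tenant("home", requires_2fa=False, allows_trusted_device=True)
    strict = Tenant("strict", requires_2fa=True, allows_trusted_device=False)
    print(effective_policy(home, [strict]))
    strict.trusts_primary = True
    print(effective_policy(home, [strict]))
    print(skips_code_prompt(home, [strict], datetime(2024, 3, 10), datetime(2024, 3, 29), now))
```
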
Two-factor authentication account settings (Enterprise edition only)
Inside Ziflow account settings (Security section), administrators can find a Two-factor Authentication menu where 2FA settings can be adjusted according to your company's requirements.
2FA optional or required - Ziflow administrators can decide if 2FA is required for their users or only optional. If your company wants to implement two-factor authentication, administrators can choose whether to enforce it immediately or after a few logins.
Allow users to trust their devices - after a successful verification, users won't be prompted for a security token for 30 days. Read more about the trusted device mechanism here.
Two-Factor Authentication troubleshooting
Switching off Two-Factor Authentication
To disable 2FA in your account, go to your Ziflow profile and click the Remove button under the Two-factor Authentication section. First, you must enter your Ziflow password and provide the security token from the 2FA app. Once the code is entered, you'll be asked if you want to remove 2FA authentication from your account.
Ziflow access using 2FA recovery code
If you lose access to your mobile device linked with the 2FA app, we recommend using the backup code generated each time you set up 2FA in Ziflow. Keep the code safe, since it allows 2FA to be bypassed.
If you have lost the backup code, go to the Two-factor Authentication section under your Ziflow profile, hit the Regenerate button, provide your Ziflow password, and enter the security code from the authentication app. This will regenerate the backup code, which can be used in case of any problems with your device.
With the backup code, you can quickly get into your account without providing a security token from the authentication app. Sign in to Ziflow using your credentials, and select the recovery code option. Once you enter the backup code, you'll be shown a new code and allowed to enter your Ziflow account.
Retrieve Ziflow access with the help of the Ziflow administrator
If your Ziflow account has been locked due to too many failed login attempts using 2FA, or you lost your mobile device with a backup code, it's time to contact your account admin or Ziflow support to reset 2FA on your profile.
You'll see the following prompt on the login screen when your account gets locked due to too many failed login attempts.
If you cannot pass authentication due to a lost device and 2FA backup code, please get in touch with your account admin (Ziflow user with admin rights) and ask to reset 2FA in your profile.
Admins have a special button that allows resetting 2FA for other users using this type of authentication.
When the reset action is initiated, a user will receive an email notification (valid for 15 minutes).
This email contains a button (and URL) to confirm a 2FA reset.
Once the confirmation button is clicked, you should see the following message, which means that 2FA has been disabled, and you should be able to sign in with your Ziflow credentials.
Please remember that after the 2FA reset is complete, you'll need to set it up once again if you still want to use this type of authentication.
If none of your Ziflow account admins is available to reset 2FA for you, please get in touch with Ziflow support, who can also assist with this process. Please make sure to contact them through the email address registered to your Ziflow account.
Additional information:
Only licensed users can configure 2FA.
Two-Factor Authentication is available only for accounts not using Single Sign-On.
The Legacy Ziflow Viewer is not supported when using Two-Factor Authentication.