Summary: We're excited to announce the launch of a new security feature in Ziflow - Two-Factor Authentication (2FA).
In addition to the usual username and password, users must also provide a unique code generated by an authenticator app.
Available for: Enterprise edition only.
Enabling Two-Factor Authentication (2FA) in your account
The 2FA is turned on by default for all Ziflow Enterprise edition customers. However, in the near future, we plan to have an account setting that will allow Ziflow admins to control whether the 2FA is required for their users.
Supported methods of 2FA
Currently, Ziflow users may select four different applications for setting up the 2FA method. Users can decide which app should be installed on their mobile devices to start using 2FA. Here's a list of currently supported authentication apps:
Duo Mobile (Android & iOS)
How does it work?
Ziflow allows all Enterprise users to set up the 2FA. Users can open their profile and then configure the app used for two-factor authentication.
To enable 2FA, go to your Ziflow profile settings and click on the Configure button.
During this process, you'll be asked to give your Ziflow password, and after confirming it, you can set up your authentication app.
Read detailed instructions on how to set up authentication and sign in to Ziflow using 2FA:
Authy
To start using 2FA, please open the Authy app installed on your device and continue with the following steps:
First, provide your country code and phone number.
Then, verify your account by selecting one of the options (Authy on another device, WhatsApp message, SMS message, voice call).
Next, enter provided code in the Authy app.
Finally, accept adding a new device to your Authy account.
Once the Authy app is ready (linked with your device), you can connect your Ziflow account with Authy to start using 2FA.
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
In Authy, please tap the … (menu) icon in the upper right corner and then select Add Account.
Tap the desired option, and follow the prompts:
- Scan QR Code: Use this option to scan a QR code with your device's camera.
- Enter key manually: Use this option to type a token code on your device manually.Select the icon (if desired) and, enter an account name, then tap Save.
You'll now see a new 2FA code for this account in Authy. Please enter this code on your account page and submit it in Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Authy app.
If you need more information about setting up and using Authy 2FA, we recommend reading Authy's guide.
Google Authenticator
To start using 2FA, please open the Google Authenticator app installed on your device and continue with the following steps:
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
Scan the QR code using a Google Authenticator app or enter the code from Ziflow directly in the app.
Confirm adding a new account in Google Authenticator by pressing the Add Account button.
After adding the Ziflow inside Google Authenticator, you can link both by entering the generated token into Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Google Authenticator app.
If you need more information about setting up and using Google 2FA, we recommend reading Google Help for 2-Step Verification.
Duo Mobile
To start using 2FA, please open the Duo Mobile app installed on your device and continue with the following steps:
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
Scan the QR code using your Duo Mobile app, or manually enter the activation code from Ziflow into the app.
Confirm adding a new account in Duo Mobile by naming your account and then pressing the Save button.
You can just back up your Duo account in Google Drive. This step is optional only if you'd like to back up your data in case you lose access to your device.
After adding the Ziflow inside Duo Mobile, you can link both by entering the generated token into Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Duo Mobile app.
Check this article if you need more information about setting up and using Duo Mobile 2FA.
Microsoft Authenticator
To start using 2FA, please open the Microsoft Authenticator app installed on your device and continue with the following steps:
Open up your profile in Ziflow and click on the Configure button.
Enter the Ziflow password to verify your identity:
You'll see a new window with a QR code and a place to enter the code. Please leave that window open for now.
Scan the QR code using a Microsoft Authenticator app or enter the activation code from Ziflow directly in the app.
After adding the Ziflow inside Microsoft Authenticator, you can link both by entering the generated token into Ziflow.
Remember to copy and save the backup code, which can be later used for access if you lose your mobile device.
Next time you sign in to Ziflow, you'll be prompted to provide the access token generated by the Microsoft Authenticator app.
If you need more information about setting up and using Microsoft Authenticator 2FA, we recommend reading the Sign in using two-step verification or security info.
Two-Factor Authentication troubleshooting
Switching off Two-Factor Authentication
To disable 2FA in your account, go to your Ziflow profile and click the Remove button under the Two-factor Authentication section. First, you must enter your Ziflow password and provide the security token from the 2FA app. Once the code is entered, you'll be asked if you want to remove 2FA authentication from your account.
Ziflow access using 2FA recovery code
If you lose access to your mobile device linked with the 2FA app, we recommend using a backup code generated each time you set up a 2FA in Ziflow. The code should be kept safe since it allows the bypass of 2FA.
If you lost the backup code, go to the Two-factor Authentication section under your Ziflow profile, hit the Regenerate button, provide your Ziflow password, and enter the security code from the authentication app. This will regenerate the backup code that could be used in case of any problems with your device.
With the backup code, you can quickly get into your account without providing a security token from the authentication app. Sign in to Ziflow using your credentials, and select the recovery code option. Once you enter the backup code, you'll be shown a new code and allowed to enter your Zfilow account.
Retrieve Ziflow access with the help of the Ziflow administrator.
If your Ziflow account has been locked due to many failed login attempts using 2FA, or you lost your mobile device with a backup code, it's time to contact your account admin or Ziflow support to reset 2FA on your profile.
You'll see the following prompt on the login screen when your account gets locked due to too many failed login attempts.
If you cannot pass authentication due to a lost device and 2FA backup code, please get in touch with your account admin (Ziflow user with admin rights) and ask to reset 2FA in your profile.
Admins have a special button that allows resetting 2FA for other users using this type of authentication.
When the reset action is initiated, a user will receive an email notification (valid for 15 minutes).
This email contains a button (and URL) to confirm a 2FA reset.
Once the confirmation button is clicked, you should see the following message, which means that 2FA has been disabled, and you should be able to sign in with your Ziflow credentials.
Please remember that after the 2FA reset is complete, you'll need to set it up once again if you still want to use this type of authentication.
If any of your Ziflow account admins are not available to reset 2FA for you, please get in touch with Ziflow support, who can also assist with this process.
Additional information:
Only licensed users can configure the 2FA.
Two-Factor Authentication is available only for accounts not using the Single Sign-On.
Just so you know, Legacy Ziflow Viewer is not supported when using Two-Factor Authentication.