Traditional user authentication consists of a general username and password. This provides minimal security since passwords may be easy to guess and users tend to re-use the same password across multiple accounts.
Two-factor authentication (2FA) is a system that uses two different forms of user authentication. It provides a higher level of authentication and consists of the following:
Users must enter the code within a certain timeframe for successful authentication.
You must have one of the following to use two-factor authentication:
Zuora recommends the following authentication applications:
|Authentication Application||Tested by Zuora||Supported by Zuora|
Amazon AWS MFA (Android only)
To log in, all UI users, including the Zuora administrator, go through the following steps:
Users have the option of receiving the authentication code in two ways:
The following cases require re-authentication:
If your authorization code expired or you did not receive one, click Didn't receive a code? to receive a new authentication code. If you enter the wrong code, you will receive an error message and will be asked to re-enter the authentication code.
If you set up two-factor authentication on a trusted machine and safe browser that you use to access Zuora on a regular basis, Zuora recommends enabling Remember me for 30 days. If you access Zuora on a public machine or unsafe browser, Zuora does not recommend enabling Remember me for 30 days.
You can retrieve the authentication code from the most recent SMS from Zuora.
You can retrieve the latest code generated by the authentication application for Zuora.
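The page does not describe how codes are generated or checked. As an added example (not Zuora's code), the sketch below uses RFC 6238 TOTP, the scheme authenticator apps commonly implement, to show why a code is accepted only within a short timeframe and only once. The 30-second step, 6-digit length, one-step clock-drift tolerance and the secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays current (RFC 6238 default; assumed here)
DIGITS = 6   # code length (assumed)

# Constructed sample secret: the ASCII key used by the RFC 6238 test vectors.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int,
           last_used_step: int = -1, drift_steps: int = 1):
    """Return the matched time step, or None if the code is wrong, expired or replayed.

    Codes from `drift_steps` steps either side of `now` are accepted to absorb
    clock skew. The caller stores the returned step as `last_used_step` so the
    same code cannot be used a second time.
    """
    current = now // STEP
    matched = None
    for step_no in range(current - drift_steps, current + drift_steps + 1):
        expected = totp(secret, step_no * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            if step_no > last_used_step:
                matched = step_no
    return matched


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted 30 s later:", verify(SAMPLE_SECRET, code, 89))
    print("accepted 90 s later:", verify(SAMPLE_SECRET, code, 149))
    print("accepted on replay:", verify(SAMPLE_SECRET, code, 59, last_used_step=1))
```
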
You can disable or reset two-factor authentication for a tenant or specific user.
If an individual user loses their phone or their phone crashes, they will not be able to use two-factor authentication. If this occurs, you can disable 2FA access for a specific user in Administration Settings > Manage Users.
If you disable two-factor authentication at the tenant level or for a specific user, all tenant users or that specific user will only have to enter their Zuora username and password when logging in to Zuora.
When two-factor authentication is re-enabled, all tenant users or that specific user have to set up 2FA from the beginning.
If you are a Zuora administrator and you lose your phone, contact Zuora Global Support to disable/enable two-factor authentication. Zuora recommends having at least two Zuora administrators, in case one loses their phone.
Two-factor authentication can be disabled on a tenant level. By default, 2FA is enabled.
If you choose to disable two-factor authentication, the customer acknowledges the risks of such action and accepts responsibility for any data loss or potential compromise of tenant user accounts that use a single factor of authentication.