
Two-Factor Authentication for Zuora OneID


Zuora OneID two-factor authentication (2FA) strengthens account security by requiring a second form of verification in addition to your password: access to the account requires both your password and a verification code delivered to your mobile device. 2FA therefore relies on two forms of verification:

  • A user-chosen password.
  • A time-based verification code (TOTP) received on a mobile device, either through a text message or an authentication application.

You must enter the verification code within a certain timeframe for successful authentication.

MFA cannot be enabled in OneID for users who are configured with Single Sign-On (SSO). The reason is that the Identity Provider (IdP) is responsible for handling user authentication. Therefore, it is recommended to configure MFA directly at the IdP level where SSO is managed. Note that MFA in OneID can still be applied to users who do not use SSO for their login.

Prerequisites for 2FA

You must have one of the following to use two-factor authentication:

  • A mobile phone that can receive SMS messages
  • An authenticator application on a mobile phone or tablet

Supported authentication applications

Zuora supports most of the popular authenticator applications for two-factor authentication, including:

Authentication application: Resources

Google Authenticator: https://support.google.com/accounts/answer/1066447?hl=en

Duo Mobile: http://guide.duosecurity.com/third-party-accounts

Amazon AWS MFA (Android only): https://aws.amazon.com/iam/details/mfa/

Microsoft Authenticator: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to

OKTA Verify

Set Up Two-Factor Authentication as a OneID administrator

As a OneID administrator, perform the following steps to set up 2FA for enhanced security:

  1. Log in to the Zuora OneID application as an administrator.
  2. Navigate to your user profile to the right and choose Settings > Security Policies.
  3. Click Edit.
  4. Choose Enabled from the Two Factor Authentication drop-down list.
  5. Click Save.

Set Up Two-Factor Authentication as a User

Users have the option of receiving the authentication code in two ways:

  • SMS authentication
  • Authentication application

The following cases require re-authentication:

  • Logging in to Zuora OneID after the Remember me for 30 days period has expired.
  • Logging in from another machine or browser where the Remember me for 30 days option has not been enabled.

SMS authentication

As a user, perform the following steps to set up SMS authentication:

  1. Log in to the Zuora OneID application. You will be prompted to set up 2FA (SMS-based or app-based) the first time you log in after MFA is enabled.
  2. Select Use text messages and click Next.
  3. Select the appropriate country code, enter your mobile number, and click Next.
  4. Click Next and retrieve the authentication code sent to your phone.
  5. Enter the code within 5 minutes of receiving it. If it expires, request a new one.
  6. Click Next to complete the setup.

Re-authentication using SMS

You can retrieve the authentication code from the most recent SMS from Zuora.

Authentication application setup

  1. Log in to the Zuora OneID application. You will be prompted to set up 2FA (SMS-based or app-based) the first time you log in after MFA is enabled.
  2. Select Use a mobile app and click Next. You will be prompted to scan a QR code.
  3. Scan the code using your preferred authentication application on your mobile phone or tablet.
  4. Click Next.
  5. Enter the authentication code generated by your application.
  6. If you don't want to be prompted for another code on that particular machine and browser for 30 days, select the Remember me for 30 days checkbox. If you sign in to OneID from several machines or browsers, you must set up 2FA on each machine or browser.

    If you set up two-factor authentication on a trusted machine and a safe browser that you use to access Zuora regularly, Zuora recommends enabling Remember me for 30 days. If you access OneID on a public machine or an unsafe browser, Zuora does not recommend enabling Remember me for 30 days.

  7. Click Next. After you've entered the correct authentication code, a success message is displayed.

Re-authentication using an authentication application

Enter the latest code that your authentication application generates for Zuora.

Disable Two-Factor Authentication

By default, 2FA is disabled. If you choose to disable it, acknowledge the associated risks, including potential data loss or account compromise. To disable 2FA, open your user profile to the right, select Settings > Security Policies, choose Disabled from the Two Factor Authentication drop-down list, and click Save.

Change the Mobile Number

To change the registered mobile number for SMS-based MFA, users must contact the Zuora administrator or Zuora support.