Multi-Factor Authentication (MFA) helps safeguard access to Zeplin data, providing another layer of security by using a second form of authentication.
Since you store company design resources under your Enterprise workspace in Zeplin, you may want to be confident that other people accessing the assets that you share are appropriately authorized to view them.
Setting up MFA for Enterprise workspace
If you're the Owner or an Admin in a workspace on the Enterprise plan, you can enable multi-factor authentication through the Authentication page of your Workspace Settings.
From there, you can set the Authentication policy and session duration for all workspace members.
πββοΈ MFA will require users who are not authenticated through SAML/SSO to authenticate with an authentication app, e.g., external people who are in your Zeplin workspace but not part of your identity provider/active directory.
Setting up MFA as a workspace member
If your organization has turned on MFA, Zeplin will automatically prompt workspace members to set up and use two-step verification while logging into their accounts.
An authenticator app is needed to complete the two-step verification. Zeplin supports most authenticator apps such as Autho, Google Authenticator, or a time-based one-time password feature from a password safe.
To configure the app, scan the QR code or enter the secret key manually.
Make sure to save your backup codes in case you lose access to the authenticator app. You can use one of these backup codes to gain access to your Zeplin account by removing MFA; then, you'll be able to configure it again once you have access.
πββοΈ Based on the session duration set, workspace members will be logged out automatically and will need to log in again by using MFA to continue accessing their workspace.
Common MFA code questions
Where do I find my code?
Your code will be generated in the authenticator app indicated by the name and email used to create the code. You will not need an SMS or email to generate the code. Note that the code refreshes with a new one after a certain number of seconds (depending on the app), so be sure to enter it within the allotted time.
My Google Authenticator codes don't work.
It may be because the time isn't correctly synced on your Google Authenticator app. To set the correct time:
On your mobile device, go to the main menu of the Google Authenticator app.
Tap More, Settings, Time correction for codes, and Sync now.
On the next screen, the app confirms the time has been synced. You should be able to sign in.
βοΈ The sync will only affect the internal time of your Google Authenticator app and will not change your device's Date & Time settings.
What if I lost my backup codes?
If you have lost access to your authenticator app and backup codes, please get in touch with your workspace owner or admin, and have them send an email to support@zeplin.io to request an MFA reset on your behalf.
βοΈ MFA recovery may take several days if Zeplin support is needed.