Multi-Factor Authentication (MFA) helps safeguard access to Zeplin data, providing another layer of security by using a second form of authentication.

Since you store company design resources under your Enterprise workspace in Zeplin, you may want to be confident that other people accessing the assets that you share are appropriately authorized to view them.

If you're the Owner or an Admin in a workspace on the Enterprise plan, you can enable multi-factor authentication through the Authentication page of your Workspace Settings.

From there, you can set the Authentication policy and session duration for all workspace members.

💁‍♀️ MFA will require users who are not authenticated through SAML/SSO to authenticate with an authentication app, e.g., external people who are in your Zeplin workspace but not part of your identity provider/active directory.

If your organization has turned on MFA, Zeplin will automatically prompt workspace members to set up and use two-step verification while logging into their accounts.

An authenticator app is needed to complete the two-step verification. Zeplin supports most authenticator apps such as Autho, Google Authenticator, or a time-based one-time password feature from a password safe.

To configure the app, scan the QR code or enter the secret key manually.

Make sure to save your backup codes in case you lose access to the authenticator app. You can use one of these backup codes to gain access to your Zeplin account by removing MFA; then, you'll be able to configure it again once you have access.

💁‍♀️ Based on the session duration set, workspace members will be logged out automatically and will need to log in again by using MFA to continue accessing their workspace.

Your code will be generated in the authenticator app indicated by the name and email used to create the code. You will not need an SMS or email to generate the code. Note that the code refreshes with a new one after a certain number of seconds (depending on the app), so be sure to enter it within the allotted time.

It may be because the time isn't correctly synced on your Google Authenticator app. To set the correct time:

☝️ The sync will only affect the internal time of your Google Authenticator app and will not change your device's Date & Time settings.

If you have lost access to your authenticator app and backup codes, please get in touch with your workspace owner or admin, and have them send an email to support@zeplin.io to request an MFA reset on your behalf.

☝️ MFA recovery may take several days if Zeplin support is needed.