Authenticator App¶
The authenticator app method is a type of two-factor authentication that uses a mobile application to generate one-time codes for account verification. After setting up the authenticator app on their device, the user links it to their Zammad account.
How it Works¶
When logging in, the user is prompted to enter a time-sensitive code generated by the app, in addition to their password. This code acts as the second factor of authentication, providing an extra layer of security as it changes periodically and is unique to the user’s device.
The app generates codes based on a shared secret key stored securely on both the user’s device and the server, ensuring a synchronized and secure authentication process. The method of generating the codes is sometimes also called TOTP (time-based one-time password).
Enabling the Authenticator App Method¶
To enable the method, just toggle the switch on in the settings.

Now the users will be able to set up this two-factor authentication method for their accounts via “Avatar -> Profile -> Password & Authentication”. Once they do, on next sign-in with password, they will be asked to provide an additional security code generated by their mobile device.