FAQs About Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a two-step process for login authentication that requires a user to verify their identity through two different, independent methods.

In Zenefits, MFA login is required for administrator accounts. Zenefits will ask for an authorization code:

  • The first time an administrator logs in to Zenefits from a new computer;
  • When an administrator logs in again after clearing their browser cookies; and
  • When an administrator logs in through an Incognito window in Chrome or a Private window in Firefox.

If an employee has lost access to the device they use for multi-factor authentication (MFA) login, an administrator can reset the employee's MFA login by following the instructions below:

  1. After logging in to Zenefits, click on the Directory app.
  2. Click on the employee's name.
  3. Scroll down to the Account Info section. This will show the employee's current MFA login method.
  4. Click the Reset button. This will open a pop-up window to confirm the reset of the employee's MFA login method.

The next time the employee tries to log in, they’ll be prompted to set up their new MFA login device.

Administrators can turn on two-step login for their company by following the steps below:

  1. After logging in to Zenefits, click on Company.
  2. Click on Security Settings.
  3. Under the Two-Step Login header, click on the edit icon next to the Two-step Login Method.
  4. Select one of the following methods:
    • None: No verification is required.
    • Email Verification: An authentication code is sent to the employee's email.
    • SMS Text/Authentication App: An authentication code is sent to the employee's device. After this setting is enabled, employees will be prompted to set their device the next time they log in.
  5. Click Save.

If you select either email verification or SMS text/Authentication app for two-step login, your administrators will be responsible for resetting any employee accounts if the employee loses access to their email or phone.

Occasionally, users may receive an Authentication Code email they did not specifically request. There are three possible reasons for this:

  1. The web browser's browsing data has been deleted or the cookies have expired.
  2. The company has a shared work station and multiple people have used the same computer to log into their Zenefits accounts.
  3. The third, and least likely reason, is that there someone at a different IP Address is attempting to log in to their Zenefits account.

In each case, there is no additional action needed on the users part. If the user continues to receive an authentication code each time they attempt to log in, this is most likely due to a security setting on their browser.

If Zenefits continues asking for an authentication code at each login, it's probably because the web browser isn't accepting cookies from websites.

  • Zenefits requires that cookies are enabled in the browser in order to correctly determine whether someone has previously logged in.
  • Cookies are not shared between browsers. Switching from one browser to a different web browser will prompt Zenefits to ask for an authentication code.

Enabling Cookies in Firefox:

  1. Click the three horizontal lines hamburger.png? (or "hamburger icon") in the upper-right corner.
  2. Choose Preferences.
  3. Select the Privacy panel.

  4. Set Firefox will: to Use custom settings for history.

  5. Check mark Accept cookies from sites to enable Cookies.

Enabling Cookies in Google Chrome:

  1. Click the three horizontal lines hamburger.png? (or "hamburger icon") in the upper-right corner.
  2. Select Settings.

  3. Click Show advanced settings...

  4. In the Privacy section, click the Content settings button.

  5. In the Cookies section, Allow Local Data to be Set.


Additional steps include:
  • Checking spam/junk inbox
  • Whitelist Zenefits email (noreply@ zenefits . com )

According to Google, the Authenticator app's time may not be synced correctly. Check out this article for steps to fix this issue.

When multi-factor authentication login is turned on, you may be asked to provide an authentication code:

  • When logging in from a new computer
  • If more than 30 days have passed since an authentication code was verified the last time
  • Whenever a significant account detail is changed (for example, a new password or becoming a company admin)
  • Whenever two-step verification method changes (for example, switching to SMS from email)

Employees should verify that their email address and phone number are accurate in Zenefits. They can do this by logging in and clicking the Personal Information app.

Zenefits houses very sensitive data and cyber attacks have been on the rise. MFA provides an additional level of security to ensure your employees’ data is protected.

Still need our help? Our support team is waiting to help you. Contact us