
Enable SSO with Remote Authentication

Submitted Jun 20 by Mikkel A Svane

Your Zendesk account now supports Single Sign-On with any 3rd party user authentication or directory access service. The new service is available in the Account tab in a new menu item called "Integrations".

Remote authentication allows you to authenticate Zendesk users using a locally hosted script. It's based on a "shared secret" between your local authenticating script and Zendesk. This secret is used to securely generate a one-way encryption which Zendesk uses to ensure that people who log on to your account using remote authentication are who they claim to be and have been pre-approved to do so by implicitly knowing the "shared secret".


When Remote authentication is enabled, users are redirected to a script at a location you specify. This script then authenticates the user against the desired system, sends the user back to your help desk account and tells Zendesk that he's authenticated. If the user doesn't already exist in your Zendesk account, he will be created on the fly. Basically, Zendesk will trust anything your script returns and rely 100% on your own script.

We've added a pre-built ASP.NET script for Microsoft Active Directory (AD) that you can install on a local IIS. If enabled, users accessing your Zendesk account will be redirected to this script for AD authentication and then returned to your help desk. The redirect is browser-based and doesn't require Zendesk to access your local IIS or network.

Remote Authentication can be limited to certain IP ranges only, for example if you want your agents to authenticate against your AD but your end-users against Zendesk as always. Furthermore, Remote Authentication can be bypassed when required.

We will post other sample authentication scripts for other systems, but also encourage our customers to post and share scripts against systems it makes sense to authenticate against.

 

Comments

Mikkel A Svane
Zendesk support

BTW. Remote authentication developer information is available here: http://zendesk.com/api/remote_authentication

Jun-28 2008 at 13:33.
 
David Ulevitch

EveryDNS will post a PHP script sometime this weekend that we've gotten to work.


One thing that would be nice is if the logout link at the top right, when using Remote Authentication, was a link back to the site or to the remote API with an additional GET parameter so we can know if they want to logout or if we want to direct them back to the site... etc. :-)

Jul-25 2008 at 06:20.
 
Mikkel A Svane
Zendesk support

Duly noted.

Jul-31 2008 at 12:34.
 
Phil Thompson

Hi, thought you might be interested in a C# .net2 authentication script. We have an application that uses asp.net2 standard membership management, we use code behind and I wanted to integrate zendesk into our application without the user having to log in again. We store username and email address when they log in, in a profile, so we just retrieve it from there rather than read ldap. Also demonstrates use of .net cryptography library.

using System;
using System.Text;
using System.Security.Cryptography;

    protected void Page_Load(object sender, EventArgs e)
    {
        string sFullName = Profile.GetPropertyValue("UserName").ToString();
        string sEmail = Profile.GetPropertyValue("EmailAddress").ToString();
       
        string sToken = "changedtoprotecttheinnocent";
        string sReturnURL = "https://youraccount.zendesk.com/access/remote/";
        string sURL = "";

        string sMessage = "";
        string sDigest = "";

        sMessage = sFullName + sEmail + sToken + Request.QueryString.Get("timestamp");
        sDigest = Md5(sMessage);

        sURL = sReturnURL + "?name=" + Server.UrlEncode(sFullName) +
                "&email=" + Server.UrlEncode(sEmail) +
                "&timestamp=" + Request.QueryString.Get("timestamp") +
                "&hash=" + sDigest;
        Response.Redirect(sURL);
    }
    public string Md5(string strChange)
    {
        // Encode the string as UTF-8 bytes
        byte[] pass = Encoding.UTF8.GetBytes(strChange);

        MD5 md5 = new MD5CryptoServiceProvider();
        md5.ComputeHash(pass);
        string strPassword = ByteArrayToHexString(md5.Hash);
        return strPassword;
    }
    public static string ByteArrayToHexString(byte[] Bytes)
    {
        // Important bit: you have to convert the byte array to a hex string or Zendesk will reject it
        StringBuilder Result;
        string HexAlphabet = "0123456789abcdef";

        Result = new StringBuilder();

        foreach (byte B in Bytes)
        {
            Result.Append(HexAlphabet[(int)(B >> 4)]);
            Result.Append(HexAlphabet[(int)(B & 0xF)]);
        }
        return Result.ToString();
    }

Aug-06 2008 at 12:18.
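
The hash construction used by the C# script above (MD5 over name + email + token + timestamp, as a hex string), as an added Python example that is not part of the original thread and is not Zendesk's code. It also sketches the check a receiving side has to make; the verifier, the 300-second freshness window and the function names are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode, urlparse, parse_qs

RETURN_URL = "https://youraccount.zendesk.com/access/remote/"  # as in the post
MAX_AGE_SECONDS = 300  # assumption: how old a timestamp may be


def remote_auth_hash(name, email, token, timestamp):
    """Hex MD5 of name + email + token + timestamp, mirroring the C# script."""
    message = f"{name}{email}{token}{timestamp}"
    return hashlib.md5(message.encode("utf-8")).hexdigest()


def build_return_url(name, email, token, timestamp):
    """Build the redirect back to the help desk; every parameter is URL-encoded."""
    params = {
        "name": name,
        "email": email,
        "timestamp": timestamp,
        "hash": remote_auth_hash(name, email, token, timestamp),
    }
    return RETURN_URL + "?" + urlencode(params)


def verify_return_url(url, token, now=None):
    """Hypothetical receiving-side check. Returns (ok, reason)."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    try:
        name, email = query["name"][0], query["email"][0]
        timestamp, supplied = query["timestamp"][0], query["hash"][0]
    except KeyError:
        return False, "missing parameter"
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False, "bad timestamp"
    now = time.time() if now is None else now
    # Reject old or future-dated timestamps so a captured URL cannot be reused later.
    if abs(now - int(timestamp)) > MAX_AGE_SECONDS:
        return False, "stale timestamp"
    expected = remote_auth_hash(name, email, token, timestamp)
    # Constant-time comparison avoids leaking how many hash characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "hash mismatch"
    return True, "ok"
```
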
 
Mikkel A Svane
Zendesk support

Hey Phil. Excellent script. Thanks for sharing. 

Aug-20 2008 at 09:22.
 
Morten Primdahl
Zendesk support

We will place templates for different sorts of remote authentication integrations here: http://github.com/zendesk/remote-authentication/

Br,

Morten

 

Aug-22 2008 at 11:04.
 
Andy Donnan

Any update on templates for remote authentication? That above link is dead.

Nov-24 2008 at 16:26.
 
 