Okta supports single sign-on for Zendesk using SAML (Security Assertion Markup Language). For many of the settings used to configure single sign-on in Okta, you'll find much more detailed information in the Okta user interface. Single sign-on using SAML is available to Plus and Enterprise accounts. For more about SAML support in Zendesk, see Using SAML for single sign-on (Plus and Enterprise).
Configuring SAML must be done both in your Okta account and in your Zendesk. You start in Okta and get the SAML information you'll need to complete the configuration in your Zendesk.
Configuring SAML in Okta
Log in to Okta as an administrator and then follow the steps below.
To configure SAML for Zendesk in Okta
Select Add Applications from the dashboard.
Click Add Application, then search for and choose "Zendesk". The Add Zendesk wizard will be displayed.
In the first screen (General Settings), add a name for the application and your Zendesk subdomain (for example: if your Zendesk URL is mycompany.zendesk.com, enter mycompany). Click Next.
On the second screen (Sign-On Options), select SAML 2.0. This is where you'll find the SAML SSO URL, the Remote logout URL, and the Certificate fingerprint. You need this information to complete the SAML setup in your Zendesk.
Click the SAML 2.0 setup instructions for Zendesk link. The instructions page is displayed in a new web browser window.
These are instructions for configuring SAML in your Zendesk. (See Configuring SAML in Zendesk below for more up-to-date instructions.) For now, copy the SAML SSO URL, the Remote logout URL, and the Certificate fingerprint and then close this window and return to your Okta dashboard.
The next step is User Management, which is optional. If you enable user management, you'll be able to import users from your Zendesk into your Okta account, provision new Zendesk accounts from Okta, and push Okta user profile updates and passwords to Zendesk. You'll find information about these Okta features in your Okta account and documentation.
The final step (People) is also optional and allows you to select who in your Okta account has access to your Zendesk. This is also beyond the scope of this article; you'll find information about these Okta features in your Okta account and documentation.
When you've completed each step, click Next to complete and close the Zendesk configuration in Okta.
Log in to your Zendesk as an administrator and follow the instructions in the next section.
Configuring SAML in Zendesk
With your Zendesk for Okta setup completed and the information you need for setting up SAML in Zendesk at hand, log in to your Zendesk as an administrator and follow the steps below.
To enable SAML in your Zendesk
Click the Admin icon in the sidebar, then select Security from the Settings category.
Zendesk Classic: Select the Settings menu, then select Security.
Select the Admins & Agents or End-users tab. You can enable SAML single sign-on only for end-users, only for agents and admins, or for all users.
Zendesk Classic: Select the Single Sign-on tab.
Select the SAML option.
Zendesk Classic: Next to the SAML option, click Edit, and then select Enabled.
Enter the SAML SSO URL, Remote logout URL, and the Certificate Fingerprint you saved from your Zendesk for Okta configuration settings.
You can optionally add IP ranges if you'd like.
Note: When you enable single sign-on via SAML (and JWT), be aware that passwords do not expire (even if your Zendesk password policy is set to High) because passwords are not stored in Zendesk. Additionally, if agents manually add a Zendesk password to their account, these passwords will not expire.
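The Certificate fingerprint copied from Okta in the steps above can be checked against the identity provider's signing certificate before SAML is enabled, so that a mistyped or stale value is caught early. The following is an added example, not part of the original article and not Okta's or Zendesk's own code. It assumes the fingerprint is the hex SHA-1 or SHA-256 digest of the DER-encoded certificate; the sample certificate bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes standing in for the DER certificate; not a real
# Okta certificate. A fingerprint is a digest of these raw bytes either way.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate block in a PEM string."""
    found = PEM_RE.search(pem_text)
    if not found:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(found.group(1).split()), validate=True)


def fingerprint(der, algorithm):
    """Hex digest of the DER bytes, lowercase, no separators."""
    return hashlib.new(algorithm, der).hexdigest()


def colon_form(hex_digest):
    """Render 'abcd' as 'AB:CD', the form many admin consoles display."""
    upper = hex_digest.upper()
    return ":".join(upper[i:i + 2] for i in range(0, len(upper), 2))


def normalize(pasted):
    """Drop colons and whitespace and lowercase; reject non-hex input."""
    cleaned = re.sub(r"[\s:]", "", pasted).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def match_fingerprint(pem_text, pasted):
    """Return 'sha256' or 'sha1' if the pasted value matches, else None."""
    der, want = pem_to_der(pem_text), normalize(pasted)
    for algorithm in ("sha256", "sha1"):
        if hmac.compare_digest(fingerprint(der, algorithm), want):
            return algorithm
    return None
```

A return value of None means the pasted fingerprint does not belong to the certificate supplied, whatever its formatting.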