JWT Sign-in Should Create Organization
Feature Request Summary:
When using JWT to sign in a user from our system into our Zendesk instance, passing the organization attribute in the token should create the organization if it does not exist. Or at least make it a configurable option if existing customers rely on current behavior.
We have set up Zendesk so that users must have an account and be logged in to view 80% of our knowledge base content. That account comes from our system via the JWT auth mechanism. We have links in our app to view help content or create a ticket. These links send over the JWT token. So the process is pretty seamless for the end user.
Our problem is that we have hundreds of organizations in our own system. We want to use Zendesk's organization feature to group users and tickets. So we pass the organization name in the JWT token to Zendesk to associate the user to the correct organization. The current functionality is that if the organization does not exist, then nothing happens.
This is much different than other systems like SAML and SCIM. If the attribute doesn't exist (e.g., Department in SAML, Group in SCIM) then that item is created in the 3rd party system. Without this behavior, additional, needless work to synchronize data would be required.
The same should happen with Zendesk's JWT support: the data (organization, in this case) that doesn't exist should be created. The user didn't exist before the first JWT authentication. How absurd would it be if the same rule was applied and Zendesk forced us to create the user before JWT authentication would work?
Business impact of limitation or missing feature:
Without this feature, we have 2 options:
1. Manually create the organization via the UI or via a CSV import
2. Automate this via API calls from our system
The first is simply not a viable option. We have new accounts created daily.
The second forces us to build an integration where one wasn't required. Now we have to bring in the appropriate libraries, learn how to use them, write the code, and set up secure credentials just to integrate when we have no other reason to do this.
Thank you for sharing this feedback and for using the feature request template, Mike.
If other users like Mike's suggestions and/or need similar functionality, please be sure to up-vote his post, and add any details or other ideas in the comments below.
I second this demand. I was very surprised when I found out that we would have to explicitly sync organizations via the API when we could have just passed the appropriate info to the SSO claim fields (org name, org id, etc.).