We use JWT for our enduser login into the helpdesk and SAML for our agents through jumpcloud. However, all agents also have to have an account at the ressource that JWT is using, since it is our company main website. So it happens sometimes that agents get logged in through JWT despite JWT not being allowed for agents in the settings.
This is bad since JWT does not allow the username to not be changed, which leads to the agents username being overwritten. Despite agents always using SAML it somehow sometimes happen that JWT logs them in.
The zendesk settings for what is allowed on JWT or SAML should be taken serious. Momentarily the settings are not trustworthy.
Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.