Question
Why does Zendesk require the below permissions to authenticate with Google Apps?
Answer
Each permission is based on a feature that is needed to help manage your support addresses in a way where you don't have to leave Zendesk Support to do so.
Find below a breakdown of each permission and its corresponding reason for requesting access.
-
View your basic profile
Standard integration requirement to match your user name with your Zendesk credentials.
-
View and Manage the settings of a Google apps group
Streamlines the Google Apps groups with Zendesk groups sync to seamlessly update existing support addresses or add new ones.
-
Manage the email settings of users on your domain
Manages user creation when a new user emails this support address.
-
View and manage the provisioning of users on your domain
Manages agent user additions and removals and also helps with verification via Google Single Sign On.
-
View and manage the provisioning of groups on your domain
Allows you to provision new support addresses.
-
View and manage the provisioning of domains for your customers
Provides synchronization between your Support and Google accounts.
-
Manage your new site verifications with Google
Included for Help Center Google Analytics verifications, and SPF and DKIM record-setting.
For more information, see the article: Google Apps for Business - Mail redirection to Zendesk Support - Best Practices
5 Comments
I'm sorry but this is not a sufficient explanation of why Zendesk needs these permissions.
Also, why can I not opt out of these permissions? I don't want Zendesk to be able to modify my Google domain settings. I'm OK with doing this manually. At least then I know what is happening.
Why doesn't Zendesk progressively request more permissions as we I features of the Zendesk administration system?
A blanket "giz us all the admin permissions bro" request the first time you login is not a good user experience and does not engender trust in Zendesk.
Also, the fact that I can deny these permissions in the login flow and then get a 404 error doesn't engender much trust in Zendesks ability to write quality software or the fact that after denying these permissions I'm still able to access my Zendesk Support admin console.
Your whole login system via Google seems half baked, buggy and untrustworthy.
Are there any updates on this issue? I totally agree with Oliver.
Hi All -
Apologies for the delayed response; it took a little while to get all of the right people looped in to the conversation. The product managers agree that the scope of the permissions is unnecessary at this point in time, and they are looking to make some revisions. For a little background, the permissions were initially put in place with the idea of expanding the functionality of the app, but since some of that functionality never came to fruition there's recognition that some of the permissions no longer need to be required.
There's not yet an ETA on when the revisions will be completed, but they've heard your concerns and will be taking action. Thank you for sharing your feedback!
I was going to raise the same issue. These permissions are clearly not required up front and just add friction to the login process as Oliver described.
An upfront grab for full admin over email and domain configs is alarming to say the least..
Hey Oliver -
Thanks for the feedback. I'm going to have our team review this article for accuracy and to see if we can add more information, and will also share your thoughts with the team that works with permissions.
Just for clarification, where did you run into this permission issue?
Please sign in to leave a comment.