You can control access to your Zendesk by adding end-users' email addresses and domains to your blacklist and whitelist. Using the blacklist, you can prevent specific or all users from registering and submitting support requests, or you can allow specific or all users to access your Zendesk and submit support requests, using the whitelist.
About the blacklist and whitelist
The blacklist and whitelist can help you create rules for accepting, suspending, and rejecting user's email. Any email that is suspended because of the blacklist will be added to the suspended queue and flagged. If you have set up user mapping, any email domains you add to the whitelist will automatically be included (see Automatically adding users to organizations based on their email domains).
Your whitelist will automatically override your blacklist. For example, if you blacklisted a specific domain, but whitelisted a user with that email domain, they will be given access.
Depending on how your Zendesk is set up, you can use the blacklist and whitelist to apply additional settings to control who can access your Zendesk. If your Zendesk permits anyone to submit tickets, such as in open support type, you can use the blacklist to filter out spam email addresses and domains (see Suspending a user in the Zendesk Agent Guide). If you require users to register, you can use the blacklist, so only approved email address and domains can submit support requests and authenticate accounts.
The blacklist and whitelist feature contains rules you can combine to easily restrict access. See the section below for a list of the available blacklist and whitelist rules.
Setting your blacklist and whitelist
- To permit all users to access your Zendesk, except those added to the blacklist, leave the whitelist blank.
- To suspend all users, except for those added to the whitelist, add a wildcard(*) in your blacklist.
Important: The wildcard will send tickets from every user not added to the whitelist to the suspended tickets queue and prevents them from creating and authenticating accounts.
- To send support request from specific users to the suspended tickets queue, enter the keyword suspend in front of an email address or domain in your blacklist. This is identical to blacklisting without a keyword.
- To block or allow an entire email domain, do not include the "@" symbol. An email domain will not be successfully added to the whitelist or blacklist with "@".
- To completely block support requests from specific users, enter the keyword reject in front of an email address or domain list in the blacklist. Tickets will not be added to the suspended tickets queue and there will be no record of the ticket in your Zendesk.
To edit your blacklist and whitelist
- Click the Admin icon () in the sidebar, then select Settings > Customers.
- Enter your whitelist and blacklist settings. You can view some of the common blacklist and whitelist examples in the section below. If you are adding multiple email addresses or domains, separate with a space.
- Click Save tab.
Whitelist and blacklist usage examples
You can use a combinations of the blacklist and whitelist rules to ensure you are permitting access or blocking the correct users. This section contains some usage examples you can replicate for your own Zendesk.
Approve a domain, suspend all other users
You can allow specific domains access to your Zendesk by adding the domain in the whitelist and suspend all users with a different email domain by adding a wildcard (*) in the blacklist. In the example below, only email from the domain mondocampcorp.com will be permitted access.
whitelist: mondocamcorp.com blacklist: *
If you want to allow more than one domain access, you can enter multiple domains separated by a space. In the example below email from the domains mondocamcorp, comdocam, and mondostore are permitted and all other users will be suspended.
whitelist: mondocamcorp.com mondocam.com mondostore.com blacklist: *
Approve a domain, but suspend specific email addresses with the domain
You can prevent a specific email address with a whitelisted domain from accessing your Zendesk by using the suspend keyword.
whitelist: gmail.com blacklist: * suspend:firstname.lastname@example.org
Approve a domain, but reject specific email addresses and domains within it
Similar to the previous example, you can block specific email addresses from using a whitelisted domain by entering their email address in the blacklist. You can use the reject keyword to prevent a user's tickets from being adding to your Zendesk at all.
In the example below, only email from gmail.com is accepted. All tickets from other email domains are sent to the suspended tickets cue, except for the email address email@example.com. Email from firstname.lastname@example.org will be rejected completely, and the ticket will not be recorded in your Zendesk.
whitelist: gmail.com blacklist: * reject:email@example.com
Approve all, but reject specific email addresses and domains
Unlike the examples above, you also have the option of allowing all users to register, except for specific email address and domains. To allow all users to register, you can leave the whitelist blank, then enter any blacklisted users.
In the example below, everyone can access your Zendesk, except for firstname.lastname@example.org and megaspam.com. Since the reject keyword is used, all email from those accounts will be blocked completely and the ticket will not be recorded in your Zendesk.
whitelist: blacklist: reject:email@example.com reject:megaspam.com