Using the whitelist and blacklist to control access to Zendesk Support

Have more questions? Submit a request

71 Comments

  • Jessie Schutz

    Hi Jim!

    If you've blacklisted a user their emails don't even make it into Zendesk as a ticket, so they will not receive any notifications of any kind.

    0
  • Jessie Schutz

    Hi Jeffrey! Welcome to the Community!

    The whitelist only works in conjunction with the blacklist, so unless you have something in the blacklist that would otherwise prevent those users from accessing your Zendesk, you wouldn't need to whitelist them.

    Can you give more details about what you're trying to set up here?

    0
  • JeffreyTurmelle

    I ONLY want people from my company to be able to access zendesk, so I'd like to do something like this:

    blacklist: *

    whitelist: *.mycompany.com

    so that user1@a.mycompany.com and user2@b.mycompany.com and user3@c.mycompany.com can all have access.

    0
  • Jessie Schutz

    Hey Jeffrey!

    Thanks for clarifying. I'm not sure whether the wildcard for the subdomain will work. Have you tried it yet? Otherwise, you can add each subdomain (ie: a.mycompany.com, b.mycompany.com) to the whitelist and it'll work the way you want.

    0
  • Abel A

    I have added domains to the white list but they are still going straight to suspended, how do i fix this?

    0
  • Sean Cusick

    Hi Abel A, this means these emails are being suspended correctly. Please open a ticket with us at support@zendesk.com so that we can provide you more specific details as to why this is. 

    0
  • Ashley Doyle

    Howdy all.

    Our white/black lists looks (sort of) like this:

    • whitelist: "domain1.com domain2.com domain3.com" (add 6 more)
    • blacklist: "* suspend:user.name@domain3.com"

    When I click the "save tab" button I get the error "Warning: The following addresses or domains cannot be blacklisted; they are whitelisted due to association with one of your Organizations: suspend:user.name@domain3.com".

    This seems odd as our whitelist/blacklist setup looks a lot like the one demonstrated under the heading "Approve a domain, but suspend specific email addresses with the domain".

    I'm wondering if because the whitelisted domains are mapped to organisations - do we even need to have them in the whitelist? Or does this happen automagically? I'm not sure what/where we've gone wrong.

    Any help would be appreciated.

    Cheers.

    0
  • Ryan

    Hey Ashley!

    By default the blacklist suspends any email on your list (so the "Suspend:" is unnecessary). The only modifier allowed there would be "reject:{email}" which would stop emails from even hitting your suspended queue (and the validation should be accepted!).

    As for the domain mapped orgs -- You are correct, once a domain is org mapped, you will not need to whitelist in addition to the domain mapping (as its considered automatically whitelisted when this occurs).

    Hope that helps!

    0
  • Ashley Doyle

    Hi Ryan,

    I've cleared out the whitelist as they're included by default due to domain mapping - however I'm still getting the validation warning when trying to add individual accounts to the blacklist.

    Being that this is just a warning, does that mean it will still run and the 2 users in the blacklist will have their requests blacklisted? The warning seems to advise otherwise.

    Thanks

    0
  • Aisling nic Lynne

    Does it work if you include a wildcard within an email address?

    For example, my company uses one gmail account as an outside-our-system account for certain tests. I don't want to blanket whitelist gmail.com, but I do want to whitelist an email like tester@gmail along with all its "+"-style aliases tester+1@gmail tester+caseb@gmail etc.

    So does "tester*@gmail.com" work properly in the whitelists?

    0
  • Ryan

    Hi Ashley,


    Sorry for the late reply -- Unfortunately this is a Catch-22 with the org whitelisting -- there is no way to blacklist someone who is in an org. You would have to manually remove them from the Org to do so. Otherwise, if you're trying to prevent specific users from creating tickets, it will likely be easier to suspend their profile rather than working around this (which will cause the tickets to be suspended, while still remaining in the org).

    ______

    @Aisling -- Unfortunately we do not support wildcard or Regex within the blacklist field at this time --- though this is a common feedback. I highly recommend making a feedback request to properly log your support (post the link here, Once you go to the section, and I would be glad to upvote it to help garner some views!).

    In reverse, you may want to add your tester emails manually to an organization, which will then selectively whitelist that particular email. You could then continue to add identities to that one profile, to avoid needing multiple accounts (though a bit manual unfortunately).

    Hopefully that helps!

    1
  • Ashley Doyle

    Thanks for the clarification Ryan.

    Looks like suspending their profile might be the way to go in this instance.

    Thanks again for your help :)

     

    1
  • Aisling nic Lynne

    Hi Ryan! I just created this new request, so hopefully you'll upvote it. I did see a very similar request for blacklisting, which I upvoted and linked in my request.

    I've tried the organization process you recommended, and it was clunky and doesn't fully resolve the issue, but should insulate us from repeating the issue with the email accounts used so far.

    0
  • Ryan

    Hey Aisling!  You rock. I've upvoted and will keep it bookmarked if I see the request once again.

    Thanks!

    0
  • Rich

    It doesn't seem like there is, but is there a way to "whitelist" an email subject?

    Our application sends alerts to our support team when users submit requests that fail due to API issues. However, since the API issue will generate the same error for many users all at around the same time, the emails that hit our Zendesk are "detected as email loop" and suspended.

    I believe these are being suspended because the subject for each email is exactly the same. The "requester" is too (our application's email identity) but I don't think (I hope) that's not causing the tickets to be suspended.

    Does anyone have any input on this? If there is a way for me to whitelist the subject we won't need to make any changes to the email alerts. If there isn't, I think we'd need to dynamically add user/request specific details to the subject so that each error alert will have a unique subject.

    Questions: Would a subject like this be unique enough to not be detected as a loop? And is it ok if they are all coming from the same "requester?"

    Action Required - User Self Service Request Failed - {User Name} -- {YYYY-MM-DD 00:00:00}

    0
  • Ryan

    Hey Rich. unfortunately not directly.


    Shredder may be a third party option:
    https://www.zendesk.com/apps/support/shredder/?source=app_directory

    The app should be considered a bandaid -- You should consider sending the issue via our API via the tickets endpoint: https://developer.zendesk.com/rest_api/docs/core/tickets (which should avoid the issue altogether).

    Otherwise you will have to make sure the headers of that email are correct and don't get caught up due to one of the suspension reasons:
    https://support.zendesk.com/hc/en-us/articles/115009659807-Causes-for-ticket-suspension

    Hope that helps!

    0
  • Rich

    Ryan, thanks for the tip on the shredder app for a bandaid. And we will look at the email headers with regard to suspension causes also as potentially a better short term stopgap.

    Errors via tickets API is 100% what we should do and exactly what I will be advocating for as far as a proper solution. Thank you for your input Ryan, very helpful!

    0
  • Bell Chen

    Hi

    How about below?

    What will restrict?

    whitelist: aa@gmail.com
    blacklist: gmail.com
    0
  • Diogo Maciel

    Hi Bell!

     

    That configuration would restrict all emails from gmail.com domain, except for aa@gmail.com

     

    I hope this helps!

    0
  • Kendall Thomas

    Does anyone know how to un-blacklist someone? My CS teams believes they blocked and/or blacklisted an abusive customer's email a few months back HOWEVER we cannot find the customer profile for the blocked end-user and cannot find a way to unblock them. Anyone know?

    0
  • Maggie Ungerboeck

    Hi All,

    We currently use the blacklist feature to block domains of organizations who are no longer our customers. We just add a ".lost" to the domain name on the Organization so we have record of the original domain. However, I'm still receiving a message in the blacklist area that an Organization has the domain name and is on the whitelist because of this. No matter what I do, including removing the domain name from the Organization, I can't get the message to go away. Is this a bug or something I'm missing?

    Thanks,
    Maggie

    0
  • Sean Cusick

    Hi Maggie, Because this will require information that is best not to post in a public forum, could you open a ticket with us at support@zendesk.com so that we can investigate further?

    0
  • Maggie Ungerboeck

    Sure, no problem. Thanks!

    0
  • Jody Mickey

    Can you blacklist an entire TLD?  I've got ".ru .cn" in the blacklist but still get tickets from spammers like "example@mail.ru".  

    0
  • Brett - Community Manager

    Hi Jody,

    It is not possible to blacklist top-level domains within Support at this time. You would need to blacklist the individual email addresses or the "mail.ru" domain to prevent these emails from generating tickets on your account. 

    I've attached some additional tips to combat spam which I believe you will find useful here.

    Let us know if you have any other questions!

    0
  • Patrick Hawkins

    Is adding users to the whitelist or blacklist via API available yet?

    0
  • Jessie Schutz

    Hi Patrick!

    I took a look through the endpoints in our API resources and I don't see any endpoints for whitelist or blacklist.

    0
  • Justin Crook

    Hi, is there a way to whitelist/blacklist via brand not just the whole Zendesk?

    We have 3 brands, 2 for internal use and one for external.

    We would like to restrict the internal brands to our registered domains and the external open to everything (within reason - i.e. setup a blacklist for the obvious)

    Thanks

    0
  • Brett - Community Manager

    Hey Justin,

    The whitelist/blacklisting settings are account wide so you wouldn't be able to configure them by brand unfortunately. That being said, if you're trying to restrict Help Center content for internal use you can use User Segments.

    With user segments you can create a collection of users/agents on your account defined by the attributes you set. Once you're user segments are created you can then apply that user segment to your Help Center articles which will restrict anyone outside the specified users from viewing this content. More information in our Setting view permissions on articles with user segments article which I've linked.

    Let us know if you have any other questions.

    Cheers!

    0
  • Justin Crook

    Thanks Brett, unfortunately as with most things with Zendesk that doesn't work. Unfortunately we use a proprietary K2 workflow interface and the widget won't offer deflection through documentation due to restrictions. Its such a shame, Zendesk is big on ideas and promises but when it comes down to it always fails me on what is technically capable of due to limitations. 

    0

Please sign in to leave a comment.

Powered by Zendesk