Zendesk Support offers the ability to have separate authentication methods for agents and end users. The options include the following:
|Zendesk native authentication||Yes||Yes|
Social media single sign-on:
only if Zendesk
|Single sign-on: SAML||Yes||Yes|
|Single sign-on: JSON Web Token (JWT)||Yes||Yes|
Our users tend to fall into three camps:
- Those who should consider Zendesk native authentication
- Those who may want to consider a SAML hosted solution
- Those who have the team, skills, and ability to consider a JWT solution
To what group do you belong? This article gives you some insights into the groups and the authentication method best suited for each. For example, you might not be ready for a JWT solution unless you're willing to hire somebody who specializes in JWT implementations.
Those for whom Zendesk native authentication is ideal
- Small organizations
- “I just want to get things done”
- I don’t have a developer team working with me
Those for whom a Hosted solution is ideal
- You have an existing user database where your users are maintained
- You don't want the hassle of building an integration and troubleshooting it should something go wrong
- You have a great engineering team that builds really awesome stuff, but they don't specialize in systems integration
Those for whom a self maintained SSO solution is ideal
- You have your own database of customers that you manage
- You have a team of engineers who have experience with integrating various systems, writing code, and troubleshooting scripts
- When you show your team this page , they take a quick look and say, “No problem, on it!”
Information on building your own JWT authentication can be a bit vague or imprecise. The reason is that each implementation can be customized, and each implementation based on your directory can be slightly different.
With JWT, Zendesk expects you to send your authentication credentials in a specific format. If the credentials match the format we specified, you’re in. If not, then something is malformed in the JSON web token created by your script. Since we didn't write your script, we can't troubleshoot it. We can only tell you, “We were looking for this.”
The most common cause of frustration for you, and us here on the Support Team (since we want to help!), occurs at this point. We can only tell you what we’re expecting to see, but can't troubleshoot how to set it up properly.
We placed a number of example scripts on Github to help get you started, but you'll have to create and troubleshoot your own script, or hire somebody who can do it for you.