Enabling SAML single sign-on (Professional and Enterprise)

Have more questions? Submit a request


  • Joe Beaudoin

    Hi Jorgen!

    Thanks for your reply.

    Zendesk doesn't have a way of "receiving error messages" from SAML, but you could always search for error messages within the console when the redirect occurs. If the customer in question isn't checking their email for the verification update, perhaps it's doubtful that they're checking their console for errors, so I know assuming the individual in question will be able to determine what's happening when they can't successfully login might be an effort in vain.

    With that being said, my suggestion to help out your customers would be to create a help center article that outlines the steps necessary to successfully authenticate in, as well as the kind of scenarios that might arise if/when they forget to (say) verify themselves via email.

    If you're unfamiliar with creating help center content and would like more information on articles, feel free to reference the following:


    Fingers crossed this provides you with a satisfactory workaround!

  • Jørgen Sivesind

    Hi Joe!

    For now, the authentication provider have actually accepted my suggestion as a feature request, that since they do display error messages like "incorrect e-mail / password combination", they should also display the verify your e-mail error message.

    Thanks for your feedback.  It makes the most sense to me, that the authentication provider is responsible here, but since I do not know the details of the spec, I could be wrong, so I needed to check this out a little more in-depth.

  • Jørgen Sivesind

    Hi again, Joe!

    Not sure if this discussion should continue publically, or if I should create a support-ticket, but since we started here, I think it is good to continue here to keep the history.

    Can you explain what ZenDesk does when SAML returns an error instead of an authenticated user?

  • Joe Beaudoin

    Hello again, Jørgen!

    No sweat, I can answer this one here!

    One example of what happens when SAML returns an error is that the user stays on the login page. The script written may do any number of things insofar as a redirect or navigation is concerned, but I think the important detail here is that until SAML successfully identifies and authenticates the user's credentials, Zendesk doesn't really "do" anything; we just keep waiting for the authentication to pass.

    Hopefully that helps! If you want to have a more in depth conversation about this, you can certainly send us a request as a ticket!

  • Jørgen Sivesind

    Thanks, Joe!

    This is exactly what I observe, and I do think the lack of a mechanism to deal with SAML errors is a problem.

    I have submitted a support-ticket with a HAR file and other info.  :)


  • Timothy Rogers

    Hello All, I am having an issue with getting SAML SSO setup. I have the entries in the SSO SAML Security area, but when the SSO login displays and we enter ID and password, with no logout URL, the system keeps trying to login over and over again. If I add a logout URL, the user is sent to the Logout page after they login. I am trying to find out why we are getting the continual loop.

  • Brett - Community Manager

    Hey Timothy,

    We'll most likely need to take a look at how you have SAML set up on your account so we can help troubleshoot this issue. I'm going to create a ticket on your behalf and send this over to our Customer Advocacy team so they can assist further. Once you receive the follow-up email stating your ticket has been generated feel free to reply back to that email with any additional information you have.


  • iwb.agents



    I am creating a app and i want only my zendesk user can have access it. so i tried authentication using JWT but it doesnt work for me. Can any one tell me how can i do so.

     I just want to get zendesk session so that when i open zendesk url in next tab i will get zendesk page.


  • Joseph May

    Hi there-

    To be clear, you want to create a Zendesk app that will appear for only one user, am I correct?

  • Charles Larry

    Regarding this from the article:

    Another supported workflow is giving users access to Zendesk after they sign in to your company's website. When a user signs in to the website using their website credentials, the website sends a request to the identity provider to validate the user. The website then sends the provider's response to the SAML server, which forwards it to your Zendesk account, which grants a session to the user.

    That's what I am interested in doing.  Is there a tutorial that specifies how to implement that within a website?

  • Bryan Flynn

    Hi Charles. Single sign-on can get technical, especially with SAML. There's not a tutorial that covers all scenarios, but here are a couple that may help and are a complement to the above article...

    Here's a tutorial on setting up SAML with ADFS: Setting up single sign-on using Active Directory with ADFS and SAML

    There's also this integration walkthrough with Okta that might provide some insights: Setting up SAML single sign-on with Okta 

  • Roberto Delgazo

    If a user is removed from company's system then how long they will be able to access zendesk? Since they are  alre already logged in. Is there a workarround for this?


Please sign in to leave a comment.

Powered by Zendesk