Setting up SAML single sign-on with Okta (Professional and Enterprise) Follow

Okta supports single sign-on for Zendesk using SAML (Secure Assertion Markup Language). For many of the settings used to configure single sign-on in Okta, you'll find much more detailed information in the Okta user interface. Single sign-on using SAML is available to Plus and Enterprise accounts. For more about SAML support in Zendesk, see Using SAML for single sign-on (Plus and Enterprise) .

Note: If you're not on the Plus or Enterprise plans, you can set up enterprise single sign-on using JWT (JSON Web Token) remote authentication. See Setting up single sign-on with JWT (JSON Web Token) .

Configuring SAML must be done in both in your Okta account and in your Zendesk. You start in Okta first and get the SAML information you'll need to complete the configuration in your Zendesk.

Configuring SAML in Okta

Log in to Okta as an administrator and then follow the steps below.

To configure SAML for Zendesk in Okta

  1. Select Add Applications from the dashboard.
  2. Click Add Application , then search for and choose "Zendesk". The Add Zendesk wizard will be displayed.
  3. In the first screen ( General Settings ), add a name for the application and your Zendesk subdomain (for example: if your Zendesk URL is, enter mycompany). Click Next .
  4. On the second screen ( Sign-On Options ), select SAML 2.0 . This is where you'll find the SAML SSO URL , the Remote logout URL , and the Certificate fingerprint . You need this information to complete the SAML setup in your Zendesk.
  5. Click the SAML 2.0 setup instructions for Zendesk link and this page will be displayed in a new web browser window:

    These are instructions for configuring SAML in your Zendesk. (See Configuring SAML in Zendesk below for more up-to-date instructions.) For now, copy the SAML SSO URL , the Remote logout URL , and the Certificate fingerprint and then close this window and return to your Okta dashboard.
  6. The next step is User Management , which is optional. If you enable user management, you'll be able to import users from your Zendesk into your Okta account, provision new Zendesk accounts from Okta, and push Okta user profile updates and passwords to Zendesk. You'll find information about these Okta features in your Okta account and documentation.
  7. The final step ( People ) is also optional and allows you to select who in your Okta account has access to your Zendesk. This as well is beyond the scope of this article; you'll find information about these Okta features in your Okta account and documentation.
  8. When you've completed each step, click Next to complete and close the Zendesk configuration in Okta.

Login to your Zendesk as an administrator and follow the instructions in the next section.

Configuring SAML in Zendesk

With your Zendesk for Okta set up completed and the information you need for setting up SAML in Zendesk at hand, log in to your Zendesk as an administrator and follow the steps below.

To enable SAML in your Zendesk

  1. Click the Admin icon ( ) in the sidebar, then select Settings from the Settings category.
  2. Select the Admins & Agents or End-users tab. You can enable SAML single sign-on only for end-users, only for agents and admins, or for all users.
  3. Select the SAML option.
  4. Enter the SAML SSO URL , Remote logout URL , and the Certificate Fingerprint you saved from your Zendesk for Okta configuration settings.

  5. You can optionally add IP ranges if you'd like.
  6. Click Save .
Note: When you enable single sign-on via SAML (and JWT), be aware that passwords do not expire (even if your Zendesk password policy is set to High) because passwords are not stored in Zendesk. Additionally, if agents manually add a Zendesk password to their account, these passwords will not expire.
Have more questions? Submit a request


  • 0

    So I have setup OKTA SSO for Zendesk and it seems like it is almost working but when I click on Zendesk App or attempt the Zendesk login it keeps bring me back to the okta App Home page.  Am I missing something?

  • 0

    Hi Byron, Really sorry for the delay here, I am creating a ticket on your behalf with your email address as the requester so we can troubleshoot this issue further.

  • 0

    We have OKTA working in ZenDesk. We want to use it to give our  company employees (light agents) access to agent-only sections of the Help Center.  However, OKTA drops them in the agent interface.  Locating the Help Center button is not easy because it is not labeled.  Is there anyway to tell ZenDesk to automatically redirect people to the Help Center page instead of the agent interface?

  • 0


    In order to drop light agents to a specific URL by default, you'll need to be able to set a Relay State. It looks like Okta does a support Default Relay Sate in generic SAML 2.0 apps (documentation here), but it's not clear to me whether that functionality is available in the built-in Zendesk connector. If it turns out that the built-in Zendesk connector doesn't allow you to specify a Relay State, you could likely get what you're looking for by setting it up as a SAML 2.0 app.

    If you run into trouble or if you have any questions, please let me know and I'll open a ticket for you.

Powered by Zendesk