Okta supports single sign-on for Zendesk using SAML (Secure Assertion Markup Language). For many of the settings used to configure single sign-on in Okta, you'll find much more detailed information in the Okta user interface. Single sign-on using SAML is available to Professional and Enterprise accounts. For more about SAML support in Zendesk, see Enabling SAML single sign-on (Professional and Enterprise).
Configuring SAML must be done in both in your Okta account and in Zendesk. You start in Okta first and get the SAML information you'll need to complete the configuration in Zendesk.
Configuring SAML in Okta
Sign in to Okta as an administrator and then follow the steps below.
To configure SAML for Zendesk in Okta
- In Okta, from the drop-down list in the upper-right corner, make sure you are using the Classic UI interface (not the Developer Console).
- Select Add Applications from the dashboard.
- Click Add Application, then search for and choose Zendesk. The Add Zendesk wizard appears.
- On the first screen, General Settings, add a name for the application and your Zendesk subdomain. For example, if your Zendesk URL is mycompany.zendesk.com, enter mycompany). Click Next.
- On the second screen, Sign-On Options, select SAML 2.0. This is where you'll find the SAML SSO URL, the Remote logout URL, and the Certificate fingerprint. You need this information to complete the SAML setup in Zendesk.
- Click the SAML 2.0 setup instructions for Zendesk link.
A page appears with instructions on how to configure SAML in Zendesk. See Configuring SAML in Zendesk below for the latest information.
- Copy the SAML SSO URL, the Remote logout URL, and the Certificate fingerprint.
You need this information to configure SAML in Zendesk. When you've finished copying, close this window and return to your Okta dashboard.
- (Optional) If you enable User Management, you'll be able to import users from Zendesk into your Okta account, provision new Zendesk accounts from Okta, and push Okta user profile updates and passwords to Zendesk.
You'll find information about these Okta features in your Okta account and documentation.
- (Optional) People allows you to select who in your Okta account has access to Zendesk. This step is not covered in this article. You'll find information about these Okta features in your Okta account and documentation.
- When you've completed each step, click Next to complete and close the Zendesk configuration in Okta.
Configuring SAML in Zendesk
When your Zendesk for Okta setup is complete and the information you need for setting up SAML in Zendesk is available, sign in to your Zendesk account as an administrator and follow the steps below.
To enable SAML in Zendesk
- In any product, click the Zendesk Products icon () in the top bar, then select Admin Center.
- Click the Security icon () in the left sidebar, then click the Single sign-on tab.
- For SAML, click Configure.
- Enter the SAML SSO URL, Certificate fingerprint, and Remote logout URL you saved from your Zendesk for Okta configuration settings, above.
- (Optional) For IP ranges, enter a list of IP ranges if you want to redirect users to the appropriate sign-in option.
- Once your SAML SSO configuration is set, click Enabled so you can assign this option to users.
- Click Save.
Assign users to SAML single sign-on with Okta
After configuring SAML single sign-on with Okta, assign this SSO option to end users, staff members (agents and administrators), or both. For more information, see Assigning SAML SSO to users.