You can configure your Zendesk Support instance to be open, closed, or restricted (see Configuring end-user access and sign-in).
This article describes how to set up a closed instance, so that your Help Center is visible to everyone but only the users that you add to your Zendesk account can sign in and submit support requests. Each user's account must be created before they can sign-in and submit support requests.
Closed Zendesk Support, by default, has the following access rules:
- Your Help Center is visible to all visitors, whether they are signed in or not.
- Only verified users you have added to your Zendesk account can submit support requests through the Help Center. Unverified users that have been added to the account can verify themselves by going to the Help Center and requesting a password.
- Both verified and unverified users you have added to your Zendesk account can submit support requests via email to your Zendesk Support address.
- If you have a knowledge base, access is determined by the rules applied to it, as described in Restricting access to knowledge base content.
This article contains the following sections:
Disabling the 'Anyone can submit tickets' option
In a closed Zendesk you disable the option to allow everyone, even visitors who are not signed in, to submit tickets. This means that you have complete control over who uses Zendesk Support. Typically, you'll set up Zendesk Support in this way by adding all your users yourself. Although, there is a way for an anonymous user (someone not already added to Zendesk Support) to still submit support requests and have your agents approve of the request, add the user to Zendesk Support, and add the support request as a ticket to your queue (see When anonymous users submit support requests).
- Click the Admin icon (
) in the sidebar, then select Settings > Customers. - If it's selected, deselect the Anybody can submit tickets option.
Note: Deselecting this option can impact Web Widget functionality (see Using restricted Help Center content with the Web Widget).
- Optionally, in the Account emails section, select the Also send a verification email when a new user is created by an agent or administrator option.
This option is explained in more detail in About new user email address verification and passwords below so you can decide if you want to enable it.
Note: If you started using Zendesk on or after August 21, 2013, this option is not available until you enable Guide (see Getting Started with Guide). - Click Save tab.
The settings you've just made removes the Sign Up link from the sign-in window of your Help Center.
This means that users who access Zendesk Support have no option for self registering (signing up and creating an account). This includes your agents as well. You need to add all your users yourself.
If you also restrict all your content to either agents or signed-in users only (see Restricting your content to registered users only below), the only page that visitors see when they access your Help Center is the sign-in page and, if they don't already have a user account in your Zendesk, they are unable to sign in.
Adding users to a closed Zendesk Support
- Manually adding users one at a time (see Adding end-users, agents, and administrators)
- Adding many users in a bulk import (see Bulk importing users and organizations)
- Adding users via the Zendesk API (see Zendesk API: Users)
By default, when you add a user to your Zendesk, they are unregistered (and therefore unverified). At this stage, they can submit support requests via your support email address, but not through the Help Center. When they register themselves, they become verified users of Zendesk Support, and can submit support requests through both the email address and the Help Center.
The following section explains how email verification works and how user passwords are created when adding users.
About new user email address verification and passwords
Since you're adding your users yourself, rather than allowing them to sign themselves up, you need to think about how the verification process happens. This is where the Also send a verification email when a new user is created by an agent or administrator option needs to be considered. If you set this option, all users you add to Zendesk Support receive the User Welcome email message, which prompts them to click a link to verify their email address and then create a password so that they can sign in to your Zendesk. If you want new users to be able to sign in to your Help Center, they each need a password. So by enabling this option you're asking your users to manage email address verification and create passwords themselves.
When you add your users, you have the following options for email verification and passwords if you elect not to send the User Welcome email.
- You can tell your users to send support requests via email using your support email address (for example, support@mycompany.zendesk.com).
- Using the Zendesk API, it's possible to both add new users and to also set their passwords. You can automatically verify all your users' email addresses using the API
verifiedparameter. This means that your users will be fully registered and verified. Assuming you also provide them with their passwords, they can immediately sign in to your Help Center. For more information, see Zendesk API: Users. - You can manually verify a user's email address after you've added them to your Zendesk. See Verifying a user's email address in the Zendesk Agent Guide.
When anonymous users submit support requests
Despite your Zendesk Support being closed, it is possible for an agent to create a ticket from a support request from an anonymous user. When you receive a support request from an anonymous user, when you've configured Zendesk Support as closed, the request is added to the Suspended Tickets view. From there an agent can either delete the request or recover it. Recovering the ticket creates a new user account and adds the ticket to your Zendesk. For more information, see Viewing, recovering, and deleting suspended tickets in the Zendesk Agent Guide.
If the Also send a verification email when a new user is created by an agent or administrator option has been selected, the User Welcome email is sent to the user when the suspended ticket is recovered. The user clicks the link to verify their email address, creates a password, and is then signed in to your Help Center where they can use the knowledge base and submit and track requests.
If the Also send a verification email when a new user is created by an agent or administrator option has not been selected, the user remains unverified and can't sign in. The user receives the ticket received notification, and can respond to the notification via email.
Using enterprise single sign-on (SSO)
If you're using JWT or SAML (available on Professional and Enterprise) for user access to Zendesk Support, all user management and authentication happens outside of your Zendesk. Your single sign-on service is synced with Zendesk Support. So, for example, if you add a user account for a new employee, that employee has immediate access to your Zendesk.
When using SSO with a closed Zendesk Support, a few issues may arise. What happens if a user sends an email support request and they're not already a user within the closed Zendesk Support? The user's email support request will be suspended. In other words, if the user doesn't already exist in Zendesk Support, synced to it via your single sign-on service, then the user cannot submit support requests. Only known, legitimate users in your user management system will be able to access the closed Zendesk Support.
You also do not want to select the Also send a verification email when a new user is created by an agent or administrator option because you never want to users to create passwords directly in Zendesk Support. Remember that's all handled outside of your Zendesk.
It's important to remember that social media single sign-on is different. These provide your users with additional ways to sign in to your Zendesk. To use them, your users need to add these social media accounts to their user profiles themselves. You can't do it for them.
Restricting your content to signed-in users only
When you close or restrict Zendesk Support, you also may want to hide all content in your Help Center so that only signed-in users can see it. To do this, you can require that users sign in to access your Help Center (see Restricting Help Center access to signed-in users).
When all your content is restricted to signed-in users, visitors to your Help Center will only see the sign-in page. The users you added to your Zendesk can sign in there and access your content.
6 Comments
Seems this article is missing the links to referenced information. I was especially hoping to view the link that is missing for "Adding many users in a bulk import":
Hi, Corrin. I've updated the article, thanks for letting us know about the missing links. Here's our article on bulk importing users:
Bulk importing users and organizations
I hope that's what you're looking for - let me know if you need anything else.
We want to only allowed signed-in users but with that group we want to limit who can submit ticket is there a way to solve that?
What is the work around for restricting the submit ticket/my activities area of the guide for one particular user? I was told some custom coding could be done for this. Could you point me in the right direction?
Hi Yvonne -
I'm not certain about customizing for a single user, though it may be possible. I would recommend posting your question in the Guide Themes & Customizations Topic in the community. Many of our customization experts follow that topic and may be able to help you determine the code or find the right resources to help you out.
Have been struggling to determine a way to handle security in Zendesk and Zendesk Guide.
We don't want everyone to be able to access the guide.
Only verified users should be able to login via the guide.
Anyone can email in a support request to create a ticket.
The product has too tightly coupled the idea of a guide with creating support tickets, probably because the platform is focussed on b2c rather than b2b.
Please sign in to leave a comment.