You can provide your users with more options for signing in to Zendesk Support by allowing them to sign in using their existing social and business accounts. Social sign-ins include Facebook and Twitter and business sign-ins include Google and Microsoft. Agents and admins can only use business single sign-on. For information on other types of single sign-on options, see Single sign-on (SSO) options in Zendesk.
How social and business SSO works in Zendesk Support
Social and business single sign-on allows end users to access Zendesk using their Facebook, Twitter, Google, or Microsoft accounts. When you enable the SSO methods, a sign-in button will be added to your Help Center page.
Agents and admins only have access to either Google or Microsoft SSO methods. If Google or Microsoft is also enabled for end users, agents and admins can use the sign-in button on the Help Center page. If the method is not enabled for end users, agents and admins will need to click the I am an Agent link to use SSO.
Your users' social and business account sign-in credentials (username and password) are never shared with Zendesk. Only the primary email address contained in the social and business account is shared.
- Users select one of the social or business sign-on options on your Zendesk account sign-in page.
- Users will be redirected to their social or business sign in page and required to enter their credentials.
Note: If users are signing in with Microsoft, they can also use their Office365 credentials.
- If the credentials are valid, users will be redirected back to your Zendesk Support account.
- Zendesk will prompt the user to add an email to use as a contact.
- If the email address matches a user's email address in Zendesk Support, Zendesk will ask the user to enter their Zendesk password. After validated, the contact information is added to the user's profile.
- If the email address does not match a user in Zendesk Support, a new user will be created, and Zendesk will send a verification email. If the user is a duplicate of a pre-existing Zendesk Support user, you can merge the users (see Merging a user's duplicate account).
If your Zendesk Support instance is closed or restricted, and a user tries to sign in with a business or social account email that does not exist in Zendesk Support, their request to authenticate will be rejected. To enable a user to sign in with a social or business account that uses a different email, you will need to add the account email as a contact in Add contact on their user profile.
For more information on modifying a user's profile, see Updating your user profile and password.
After the one-time authorization is completed, the user is seamlessly signed in to Zendesk Support. On subsequent visits, if the user is already signed in to the account, they will be immediately signed in to Zendesk Support after they click the associated social or business sign-on button. If they aren't already signed in with the social or business account, they will be prompted to.
Enabling social and business SSO
You can enable social and business SSO, without any custom configuration. End users can use Twitter, Facebook, Google, and Microsoft. Agents and admins can only use either Google or Microsoft.
To enable social and business SSO
- Click the Admin icon () in the sidebar, then select Settings>Security.
- Click the Admins & Agents or End-users tab. You can set different SSO permissions for both groups.
If you started using Zendesk Support on or after August 21, 2013, the End-users tab is not available until you activate the Help Center. See Getting started with Guide.
- Select each of the SSO options you want to enable.
- If you want all users to only use the single sign-on method, select the option to disable Zendesk passwords. Any Zendesk passwords will be permanently deleted from the account within 24 hours.
- If you disabled Zendesk passwords, select whether only the account owner or admins (which includes the account owner) can be granted access to the account in case the sign-in provider does down.
The account owner or admins can request to receive an email containing an one-time access link. Clicking the link grants them access to the account. No password is required. See Accessing the account if passwords are disabled.
- Click Save.
The sign-in links appear on your Help Center sign-in page.