SSO (single sign-on) options in Zendesk Follow

Comments

28 comments

  • Avatar
    Dmitry Kirilyuk

    >> your corporate user authentication system is synced with your Zendesk. ... if you delete a user account because an employee has left the company, that employee no longer has access to your Zendesk.

    It's not really true. If user visit help center by direct link after his/her deletion and zendesk session cookie is not expired yet then help center will authenticate the user. Is there any way to invalidate user session?

  • Avatar
    Anna Everson

    @Dmitry - The only way to kill another user's session is with the API:

    https://developer.zendesk.com/rest_api/docs/core/sessions

    It may also be possible to do this using tools from your identity provider, but you would have to check with them to explore that possibility.

  • Avatar
    Michael Roed

    I need a way for users to signup without validating them via email. Just typing in name, username/email and password when registering and after this be granted access immediately to check their ticket status in the HC.

    Would this be possible if using SAML?

  • Avatar
    Garrick Rohm

    Hi Michael,  

    You can disable the email verification email for new users submitting tickets by:

    • Navigating to Settings > Customers in your Admin menu
    • Checking the 'Anybody Can Submit Tickets' checkbox

    • Unchecking the 'Ask Users to Register' checkbox

    Please give that a try and let me know if you're still experiencing issues - I'm happy to help!

  • Avatar
    Michael Roed

    Hi Garrick.

    Thank you. So far so good but how do users log in to check status in the ticket they have submitted?

  • Avatar
    Garrick Rohm

    Hi Michael,

    In order to check the status of a ticket they've submitted, users would return to your Help Center and click the 'Sign In' button in the upper-right of your Help Center.

    They can then generate an email to set a password using either the 'Forgot my Password' or 'Get a Password' links in the resultant login pop-up:

    After setting a password, they'll be logged into your Help Center and can access their My Activities view from the Profile drop-down in the upper-right corner to interact with their existing tickets.

  • Avatar
    Michael Roed

    Hi Garrick.

    Thank you for clearifying but with this method the users will need to varify via email which I do not want as mentioned in my last question. So this ends up in a catch 22 :)

    That is why I am asking these questins in the SSO thread as I want users to check ticket status without email validation.

    I am thinking of a user signup where they choose their own password when registering with no email validation

    Would this be possible using some kind of SSO?

  • Avatar
    Jessie - Community Manager

    Hey Michael!

    As long as you have your Help Center active, they'll be given the option to log in from the upper right corner of the window.

  • Avatar
    Michael Roed

    Hi Jessie.

    But that would require a password that they do not have because they cannot set it via email ot are there some other way of setting a password besides getting a link via email?

    I am beginning to think that Zendesk cannot meet this requirement. All I want to do is having the users login to check ticket status without an email being involved at any!!! point.

  • Avatar
    Garrick Rohm

    Hi Michael,

    It sounds like you have a specific workflow in mind - I'm reaching out to you via a ticket where we can continue this discussion.

     

  • Avatar
    Юрий Зигунов

    Hi ,

    I have a similar workflow like Michael. At the moment, are there some other way of setting a password besides getting a link via email?

  • Avatar
    Jessie - Community Manager

    Hey there!

    The only way your end-users can change their passwords is via email link. However, Administrators in your Zendesk can reset or change passwords on behalf of your end-users. You can find more information about that here: Resetting user passwords.

  • Avatar
    Travis Smith

    I'm trying to get a demo of a successful SAML single sign on integration as a proof of concept for my Product and Engineering teams. Can you recommend a partner who could show me this in action?

  • Avatar
    Mayank M

    Hello, I'm trying to accomplish JWT single sign on via my application into Zendesk. I was able to do SSO for "Agents", but same snippet of code is not working for "End-users". Is there a known issue or configuration to fix this?

    I can share my code for those who are interested.

    Thanks in advance.

  • Avatar
    Nick Malone

    @Mayank M,

    There are no known issues with end-user or agent JWT sign-in that I am aware of. I will be creating a ticket for you so we can look into this further.

  • Avatar
    Ross Newton (Edited )

    My app uses the user's email address and secure password to authenticate users logging in. Is there a way to use that same login to authenticate them for my Zendesk KB/help center/community center?

    It's kinda gross to make them create another login for getting support in my app.  

    Is this article saying it's possible if I use "Login with Facebook/Google/etc."?  

  • Avatar
    Michael Goldman

    Whats confusing is that the CORE API documentation lists Oauth 2.0: https://developer.zendesk.com/rest_api/docs/core/oauth_clients

     

    Here, it only lists JWT and SAML. Please elaborate on whether Oauth 2.0 is supported.

  • Avatar
    Joseph May

    Hi there Michael-

    Thanks for writing in. We support both OAuth as well as JWT/SAML, but these are different mechanisms (and often cause for confusion). OAuth is an authorization protocol that allows a user to selectively decide which services can do what with its associate data.

    SSO is an authentication / authorization flow through which a user can log into multiple services using the same credentials, e.g. for users logging into multiple domains.

  • Avatar
    Aaron Marr

     

    Hi, we're evaluating Zendesk and I have a question relating to single sign on.

    We support multiple brands which require separate, private help centres. 

    Will it be possible to use single sign on to authenticate users so they can view content in the help centre for their particular brand? Or does that user need to separately set up an account in Zendesk so they can view content.

    If you could give me some guidance in this area I would very much appreciate it.

    Many thanks,

    Aaron.

  • Avatar
    Jessie - Community Manager

    Welcome to the Community, Aaron!

    I'm going to find someone who can answer this for you. Stand by!

  • Avatar
    Marcin Dąbrowski

    Hi, I have a similar one. We have two brands with different end users and consider having multi-brand option within Zendesk. We would like to use SSO but redirects user to two different login URLs depending on the brand's helpdesk page they are looking at. Can it be configured this way?

  • Avatar
    Ricky Davis (Edited )

    Hey, Aaron!

    I've received the ticket created from your comment, and I will continue with you in the ticket to go over what options you will have for your specific case :)

  • Avatar
    Stephen Fusco

    Hi Marcin, 

    Thanks for your question. We do not have a native tool that will allow for two different SSO login urls but there is a workaround that is explained in this article: Multibrand - Using multiple JWT Single Sign-On URLs

    Currently that is the only workaround we have. I hope that helps and thanks again for your question. 

  • Avatar
    Majumdar, Neil

    Hi there:

     

    With SSO enabled can we still have users open tickets directly from the "deep link" - take them directly to the issue? Will that work with SSO enabled?

  • Avatar
    Max Beck

    Hi there, 

    we have a web portal that uses a user's email address and secure password to authenticate them when logging in. Is there a way to use that same login to authenticate them to our Help Center Guide automatically?

    My goal is a seamless experience for our users (no manual Zendesk Account registration, no typing of passwords later, etc.)

    However, I require that only our users have access to the Help Center Guide (only an authenticated user of our web portal should ever be able to access an article). 

     

    Thank you in advance!

  • Avatar
    Sergei Dudko

    Hi Max,

    All of your scenarios are possible with the help of SAML (Secure Assertion Markup Language). Instructions are too big to paste them here. 

    This article outlines basic steps needed to set up the whole chain:Configuring how end-users access and sign in to Zendesk Support

    And this is one guides you through the steps of SAML setup:Using SAML for single sign-on (Professional and Enterprise)

    After setup is done, your users should be able access your Help Center with no issues, assuming they have passed your authentication. 

     

     

     

     

  • Avatar
    Benjamin Cadars

    Hi Sergei,

    In the continuity of Max's question, how would you concretely set up the SAML to make sure that users can have access to the Help Center Guide using the same credentials as for our application?

    To put this another way:

    - As user A, I have an account with the application X that has an SSO integration with Zendesk

    - As user A, I want to login to the Zendesk help center using the same credentials as for application X from https://applicationX.zendesk.com/access/normal (the URL that bypasses the SSO).

    Thank you

  • Avatar
    Emily Pupack

    Hi Benjamin,

    You would not need to use /access/normal to bypass your SSO. If you use the same log in credentials from Zendesk to the Help Center you can have them log in with the SSO, no bypass needed!

    - https://applicationX.zendesk.com/hc - no /access/normal needed!

Please sign in to leave a comment.

Powered by Zendesk