Single sign-on (SSO) options in Zendesk


43 Comments

  • Andrew Soderberg
    Community Moderator

    We have Zendesk Enterprise Support and Enterprise Guide. We are adding a new second Brand. The first Brand is for our existing products and uses Zendesk's built-in login (no SSO). Our Agents log in via SSO with MS Azure. The new second Brand will be used for our SaaS services that will require the use of an SSO (SAML or JSON web token compatible).

    Can we set up Zendesk so that the second Brand uses SSO for that customer base (completely separate audience than the users of our first brand), and our customers in the first Brand continue to authenticate with their existing built-in Zendesk credentials? If so, how do we set this up?

    Thanks,

    Andy

    0
  • Brett Bowser
    Zendesk Community Team

    Hi Andrew,

    I'm afraid this is a current limitation of our Single Sign-On (SSO) feature as mentioned in Multibrand known issues. Currently, you may only choose one authentication option for each user type (agent or end-user) and thus, you can't implement SSO for brand-X and brand-Y and Zendesk authentication for brand-Z.

    The only alternative I can think of is if you set up SSO for all your end-users, but for your first brand you customize the sign-in link to direct those users to subdomain.zendesk.com/access/normal. This will allow them to log in using the native Zendesk login, whereas users from your second brand should be directed to your SSO page by clicking the default sign-in button.

    Hope this helps!

    0
  • Riaan Lombard

    Hi, 

    When trying to enable SSO for end users it takes me to a 404 Page not found. This is the url https://investminthelp.zendesk.com/admin/security/sso

     

    0
  • Jessica G.
    Zendesk team member

    Hey Riaan!

    Thank you for contacting us! I have already updated your ticket with Support so we'll be updating you from there! :)

    0
  • Patrick Harland-Lee

    Link to 'Enabling social and business account single sign-on' is broken

    0
  • Patrick Harland-Lee

    Just out of interest, what are some implications of letting users sign in with their social media accounts?

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Patrick,

    Good catch! I updated the article and fixed the link you referenced :)

    Enabling this can provide your users with more options for signing in which may be a bit more appealing than having to create a separate login for your Help Center.

    Happy to answer any additional questions if you have any!

    0
  • Adrien Missemer

    Hi,

    When JWT authentication is enabled for End Users, it is possible to let them Sign In with user/password by sending them to X.zendesk.com/access/normal, but there is no Sign Up link on this page so they cannot register. Is there a way to allow (some) users to Sign In with JWT (those users who have access to our application) while letting others Sign Up and Sign In with Zendesk authentication?

    Thanks,

    Adrien

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Adrien,

    There wouldn't be a way to remove the sign up option unless you disabled the Anybody can submit tickets option under Admin>Settings>Customers. Disabling this option would then require you to manually add any users to your account for them to have access and the ability to submit tickets to you.

    The pop-up you're referencing that contains the sign-up option cannot be edited in any way at this time.

    Let me know if you have any other questions!

    0
  • Derek Yanoff

    If I deploy Enterprise SSO after some of my end-users already have Zendesk accounts, will those accounts be deleted or synced when they sign in with the new Enterprise SSO option?

    0
  • Sergei
    Zendesk team member

    Hi Derek,

    It will mostly depend on SSO settings on the IdP's side (is provisioning enabled or not, and if enabled, which values are pushed to Zendesk upon log on, etc.), but in general, no user can be deleted by SSO or any other auth process.
    SSO can do one/all of the following: demote/promote users (by passing the role attribute in your XML payload) and change their name, organisations and so on.
    Users will be synced at the most. At the least, they are simply allowed to enter your Help Center as is, without any changes to their profile/role/etc.

    1
  • Edwin Schukking

    Hi,

    We have a mobile panel and were wondering whether we can also set up SSO with mobile phone numbers instead of email addresses.

    Thanks!

    0
  • JJ
    Zendesk Customer Advocate

    Hello Edwin.

    That would unfortunately not be possible since it is not supported within the SSO integration.

    Sorry for that.

    Have a great day and stay safe!

    0
