Single sign-on (SSO) options in Zendesk Follow

Comments

18 comments

  • Avatar
    Joseph May

    Hi there Michael-

    Thanks for writing in. We support both OAuth as well as JWT/SAML, but these are different mechanisms (and often cause for confusion). OAuth is an authorization protocol that allows a user to selectively decide which services can do what with its associate data.

    SSO is an authentication / authorization flow through which a user can log into multiple services using the same credentials, e.g. for users logging into multiple domains.

  • Avatar
    Nick Malone

    @Mayank M,

    There are no known issues with end-user or agent JWT sign-in that I am aware of. I will be creating a ticket for you so we can look into this further.

  • Avatar
    Юрий Зигунов

    Hi ,

    I have a similar workflow like Michael. At the moment, are there some other way of setting a password besides getting a link via email?

  • Avatar
    Dmitry Kirilyuk

    >> your corporate user authentication system is synced with your Zendesk. ... if you delete a user account because an employee has left the company, that employee no longer has access to your Zendesk.

    It's not really true. If user visit help center by direct link after his/her deletion and zendesk session cookie is not expired yet then help center will authenticate the user. Is there any way to invalidate user session?

  • Avatar
    Travis Smith

    I'm trying to get a demo of a successful SAML single sign on integration as a proof of concept for my Product and Engineering teams. Can you recommend a partner who could show me this in action?

  • Avatar
    Anna Everson

    @Dmitry - The only way to kill another user's session is with the API:

    https://developer.zendesk.com/rest_api/docs/core/sessions

    It may also be possible to do this using tools from your identity provider, but you would have to check with them to explore that possibility.

  • Avatar
    Ross Newton (Edited )

    My app uses the user's email address and secure password to authenticate users logging in. Is there a way to use that same login to authenticate them for my Zendesk KB/help center/community center?

    It's kinda gross to make them create another login for getting support in my app.  

    Is this article saying it's possible if I use "Login with Facebook/Google/etc."?  

  • Avatar
    Garrick Rohm

    Hi Michael,

    It sounds like you have a specific workflow in mind - I'm reaching out to you via a ticket where we can continue this discussion.

     

  • Avatar
    Garrick Rohm

    Hi Michael,  

    You can disable the email verification email for new users submitting tickets by:

    • Navigating to Settings > Customers in your Admin menu
    • Checking the 'Anybody Can Submit Tickets' checkbox

    • Unchecking the 'Ask Users to Register' checkbox

    Please give that a try and let me know if you're still experiencing issues - I'm happy to help!

  • Avatar
    Michael Roed

    Hi Garrick.

    Thank you. So far so good but how do users log in to check status in the ticket they have submitted?

  • Avatar
    Jessie Schutz

    Hey Michael!

    As long as you have your Help Center active, they'll be given the option to log in from the upper right corner of the window.

  • Avatar
    Michael Roed

    I need a way for users to signup without validating them via email. Just typing in name, username/email and password when registering and after this be granted access immediately to check their ticket status in the HC.

    Would this be possible if using SAML?

  • Avatar
    Michael Roed

    Hi Garrick.

    Thank you for clearifying but with this method the users will need to varify via email which I do not want as mentioned in my last question. So this ends up in a catch 22 :)

    That is why I am asking these questins in the SSO thread as I want users to check ticket status without email validation.

    I am thinking of a user signup where they choose their own password when registering with no email validation

    Would this be possible using some kind of SSO?

  • Avatar
    Michael Goldman

    Whats confusing is that the CORE API documentation lists Oauth 2.0: https://developer.zendesk.com/rest_api/docs/core/oauth_clients

     

    Here, it only lists JWT and SAML. Please elaborate on whether Oauth 2.0 is supported.

  • Avatar
    Garrick Rohm

    Hi Michael,

    In order to check the status of a ticket they've submitted, users would return to your Help Center and click the 'Sign In' button in the upper-right of your Help Center.

    They can then generate an email to set a password using either the 'Forgot my Password' or 'Get a Password' links in the resultant login pop-up:

    After setting a password, they'll be logged into your Help Center and can access their My Activities view from the Profile drop-down in the upper-right corner to interact with their existing tickets.

  • Avatar
    Michael Roed

    Hi Jessie.

    But that would require a password that they do not have because they cannot set it via email ot are there some other way of setting a password besides getting a link via email?

    I am beginning to think that Zendesk cannot meet this requirement. All I want to do is having the users login to check ticket status without an email being involved at any!!! point.

  • Avatar
    Jessie Schutz

    Hey there!

    The only way your end-users can change their passwords is via email link. However, Administrators in your Zendesk can reset or change passwords on behalf of your end-users. You can find more information about that here: Resetting user passwords.

  • Avatar
    Mayank M

    Hello, I'm trying to accomplish JWT single sign on via my application into Zendesk. I was able to do SSO for "Agents", but same snippet of code is not working for "End-users". Is there a known issue or configuration to fix this?

    I can share my code for those who are interested.

    Thanks in advance.

Please sign in to leave a comment.

Powered by Zendesk