Single sign-on (SSO) options in Zendesk


48 Comments

  • Andrew Soderberg
    Community Moderator

    We have Zendesk Enterprise Support and Enterprise Guide. We are adding a new second Brand. The first Brand is for our existing products and uses Zendesk's built-in login (no SSO). Our Agents log in via SSO with MS Azure. The new second Brand will be used for our SaaS services that will require the use of an SSO (SAML or JSON web token compatible).

    Can we set up Zendesk so that the second Brand uses SSO for that customer base (completely separate audience than the users of our first brand), and our customers in the first Brand continue to authenticate with their existing built-in Zendesk credentials? If so, how do we set this up?

    Thanks,

    Andy

    0
  • Brett Bowser
    Zendesk Community Team

    Hi Andrew,

    I'm afraid this is a current limitation of our Single Sign-On (SSO) feature as mentioned in Multibrand known issues. Currently, you may only choose one authentication option for each user type (agent or end-user) and thus, you can't implement SSO for brand-X and brand-Y and Zendesk authentication for brand-Z.

    The only alternative I can think of is if you set up SSO for all your end-users, but for your first brand you customize the sign-in link to direct those users to subdomain.zendesk.com/access/normal. This will allow them to log in using the native Zendesk login, whereas users from your second brand should be directed to your SSO page by clicking the default sign-in button.

    Hope this helps!

    0
  • Riaan Lombard

    Hi, 

    When trying to enable SSO for end users, it takes me to a 404 Page not found. This is the URL: https://investminthelp.zendesk.com/admin/security/sso

    0
  • Jessica G.
    Zendesk Team Member

    Hey Riaan!

    Thank you for contacting us! I have already updated your ticket with Support so we'll be updating you from there! :)

    0
  • Patrick Harland-Lee

    Link to 'Enabling social and business account single sign-on' is broken

    0
  • Patrick Harland-Lee

    Just out of interest, what are some implications of letting users sign in with their social media accounts?

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Patrick,

    Good catch! I updated the article and fixed the link you referenced :)

    Enabling this can provide your users with more options for signing in which may be a bit more appealing than having to create a separate login for your Help Center.

    Happy to answer any additional questions if you have any!

    0
  • Adrien Missemer

    Hi,

    When JWT authentication is enabled for End Users, it is possible to let them Sign In with user/password by sending them to X.zendesk.com/access/normal, but there is no Sign Up link on this page so they cannot register. Is there a way to allow (some) users to Sign In with JWT (those users who have access to our application) while letting others Sign Up and Sign In with Zendesk authentication?

    Thanks,

    Adrien

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Adrien,

    There wouldn't be a way to remove the sign up option unless you disabled the Anybody can submit tickets option under Admin > Settings > Customers. Disabling this option would then require you to manually add any users to your account for them to have access and the ability to submit tickets to you.

    The pop-up you're referencing that contains the sign-up option cannot be edited in any way at this time.

    Let me know if you have any other questions!

    0
  • Derek Yanoff

    If I deploy Enterprise SSO after some of my end-users already have Zendesk accounts, will those accounts be deleted or synced when they sign in with the new Enterprise SSO option?

    0
  • Sergei
    Zendesk Team Member

    Hi Derek,

    It will mostly depend on SSO settings on the IdP's side (is provisioning enabled or not, and if enabled, which values are pushed to Zendesk upon log on, etc.), but in general, no user can be deleted by SSO or any other auth process.
    SSO can do one/all of the following: demote/promote users (by passing a role attribute in your XML payload) and change their name, organisations and so on.
    Users will be synced at the most. At the least, they are simply allowed to enter your Help Center as is, without any changes to their profile/role/etc.

    1
  • Edwin Schukking

    Hi,

    We have a mobile panel and were wondering whether we can also set up SSO with mobile phone numbers instead of email addresses.

    Thanks!

    0
  • JJ
    Zendesk Customer Advocate

    Hello Edwin.

    That would unfortunately not be possible since it is not supported within the SSO integration.

    Sorry for that.

    Have a great day and stay safe!

    0
  • Ronen Rayten

    Hi,

    We just purchased Zendesk and want to use Guide as our knowledge center.

    Our product is built as single tenant, meaning each customer (a business) will have its own instance in our cloud. We would like to connect our Zendesk Guide instance with SSO to all of our tenants (product docs are similar for all). Each business/customer has its own SSO of course.

    Couldn't find a solution for that setup in the articles above. Is there a way to do this?

    Many thanks!

    Ronen

    0
  • Bruce Michelsen

    In our Zendesk instance, we’re concerned with whether unsigned-in/anonymous users will still see articles--that don’t require signing in--after enabling Enterprise SSO.

    Our Zendesk instance is “closed”, meaning users can view articles (depending on permissions) in the Help Center anonymously or after signing in. (Only signed-in users can submit tickets.)

    Using Enterprise SSO, users that do not sign in SHOULD still be able to view the articles that are set for anonymous viewing. Right?

    1
  • Giuseppe
    Zendesk Customer Advocate

    Hi Ronen,

    It looks like you'll want to use a custom JWT script and Multibranding as outlined in this article: Multibrand - Using multiple JWT single sign-on URLs.

    Aside from that, you might also want to check Choosing the best authentication option for my account for more information about what kind of authentication you should use based on your account.

    Hi Bruce,

    End-users should still be able to view your Articles as long as the visibility is set to everyone, even without signing in. For more information about visibility settings, see Setting view permissions on articles with user segments.

    1
  • Kornelia Szabo

    I am wondering if it is possible to set up SSO but with different redirect links for different environments, such as one URL for prod and another for dev?

    0
  • Cheeny Aban
    Zendesk Customer Advocate

    Hi Kornelia,

    As of the moment, there is no native way to do that in Support.

    0
