Configure Zendesk for your Active Directory/Microsoft environment

  • Stephen Hudson

    I'm curious if this script could be used with the mobile SDK as well. I managed to use this to get the web portal JWT auth working, but I am hitting a brick wall getting it to return the proper stuff for the mobile.

  • Jake Bantz
    Zendesk Team Member

    Hi Stephen,

    The SDK Authentication is completely separate from the SSO configuration in your Zendesk account. As long as the JWT requests are formatted properly, you should be able to authenticate. I see you have a ticket open with us already, but I wanted to be sure to share our documentation for anyone who finds this post in the future:

    Hope this helps!

  • Reese

    Is it possible to delay the redirection to AD sign-on? Say we wanted to allow non-AD users to be able to access our help page and submit tickets using the form, would that be possible using this?

    Also, what might it take to allow both domain\username and sign in?

  • Dan Beirouty
    Zendesk Team Member

    Hey Reese!

    I'd like to get more context around what you're trying to achieve. Let me loop you in to a new ticket so we can discuss this further. See you in the ticket!

  • NSABP Foundation, Inc.

    What modifications to this code are made to pass "user_fields"? I have tried several modifications; however, I have not been able to correctly pass this hash.

  • Matt Sirianni

    Matthew - check out this pull request here:

    It is updated to support passing of all supported fields, including User Fields. Be sure to read the comments. 

  • John Basile

    What are the optimal hardware recommendations?

  • Sergei
    Zendesk Team Member

    Hi John,


    For Zendesk in general? There are no hardware requirements or recommendations, except for Insights. As a rule - if your hardware can handle Chrome, Firefox or AD - it will handle Zendesk. Have a look at this article for some additional answers - 


  • Longathrow

    For anyone having problems with this code and the server time being out, you will need to modify the utils.asp file to adjust for the timezone difference. Zendesk servers are in UTC time; if your server isn't in UTC, then it will pass back the incorrect time and not authenticate, with an error of "The supplied iat value is more than 3 minutes off, check your server clock."

    To fix this, find the following lines:

    dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
    dtmAdjusted_date = dtmAdjusted

    And modify them to the following, making sure you adjust the X in DateAdd("h", X, dtmAdjusted) to however many hours you are in front of or behind UTC time.

    dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
    dtmAdjusted_timeshift = DateAdd("h", X, dtmAdjusted)
    dtmAdjusted_date = dtmAdjusted_timeshift

    So an example for Sydney, Australia would be -18

    dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
    dtmAdjusted_timeshift = DateAdd("h", -18, dtmAdjusted)
    dtmAdjusted_date = dtmAdjusted_timeshift

    I also had a small stumbling block when trying to log in as an agent; with agents with multiple sign-in options, Zendesk would have another fit. So test the login with an end-user instead.
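
The clock problem described in the comment above, shown as an added example that is not part of the original thread or of the Zendesk script. It is written in Python rather than the thread's Classic ASP; the HS256 signing, the claim names other than `iat`, the secret and the sample clock are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, uuid
from datetime import datetime, timedelta, timezone

MAX_SKEW = 180  # seconds; the "3 minutes" from the error message quoted above

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def utc_iat(now: datetime) -> int:
    """Epoch seconds for an aware datetime; identical whatever zone it is in."""
    if now.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before computing iat")
    return int(now.timestamp())

def naive_local_iat(now: datetime) -> int:
    """The bug: local wall-clock digits read as if they were already UTC."""
    return int(now.replace(tzinfo=timezone.utc).timestamp())

def sign_jwt(claims: dict, secret: bytes) -> str:
    header = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now: datetime) -> dict:
    """Receiver side (assumed behaviour): check signature, then the iat window."""
    header, body, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if abs(utc_iat(now) - claims["iat"]) > MAX_SKEW:
        raise ValueError("iat outside allowed skew")
    return claims

# Constructed sample data: a server clock in a UTC+10 zone, placeholder secret.
SECRET = b"placeholder-shared-secret"
SERVER_NOW = datetime(2024, 6, 1, 9, 0, 0, tzinfo=timezone(timedelta(hours=10)))

def make_token(iat: int) -> str:
    # Claim names other than iat are assumptions for this example.
    claims = {"iat": iat, "jti": uuid.uuid4().hex,
              "name": "Example User", "email": "user@example.com"}
    return sign_jwt(claims, SECRET)
```

Deriving `iat` from a timezone-aware clock gives the same epoch value on any server, so no hand-set hour offset is needed and nothing has to change when daylight saving starts or ends.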

  • Jean-Baptiste Hennion



    Does this configuration allow us to create and delete people as soon as their LDAP account is created or deleted?

    Thank you!

  • Gail L
    Zendesk Community Team

    Hi Jean-Baptiste, 

    This configuration won't do this, although it might be possible to design custom scripts that would accomplish it alongside the JWT SSO. 

    Microsoft also does have an Azure integration that is closer to what you describe that you could check out as an alternative.

  • Daniel Coker

    Hi Matt Sirianni

    Is it possible to federate multiple Active Directories from different companies to one Zendesk Enterprise platform?

  • Brett Bowser
    Zendesk Community Team

    Hey Daniel,

    I'd recommend taking a look at the following articles:

    Multibrand - Using multiple JWT Single Sign-on URL's (Enterprise

    Setting up single sign-on using Active Directory with ADFS and SAML

    I hope this points you in the right direction!


