Mapping attributes from Active Directory with ADFS and SAML (Professional and Enterprise)

Have more questions? Submit a request


  • Nathaniel Erlandson
    Comment actions Permalink


    Are we able to map an attribute to place an agent in a certain zendesk group? I'm guessing this may be an issue because the agent role needs to be given first, but I'm curious on what's possible. I haven't seen any examples in the documentation regarding mapping an attribute for group access, just for organization.

    Also, I'm guessing in order to map the agent role from an AD group, I need the agent signin switched over to SSO? I've only tried having a user sign-in via the help center, but authentication fails when I have the rule to map the role set in ADFS. Any info would be appreciated. Thanks



  • Garrick Rohm
    Comment actions Permalink

    Hi Nathaniel,

    Table 1 in the following article outlines supported user attributes for SAML SSO - unfortunately group isn't included.

    Using SAML for single sign-on (Professional and Enterprise)

    Regarding updating an agent's role, you're correct - in order to update their role via SSO you'll need to enable SAML SSO for agents and admins.

  • John Christian
    Comment actions Permalink

    how do I add the SAML attribute for light agents and group membership?

  • Shera Esquivel
    Comment actions Permalink

    Hello John!

    Since light agents are also agents, you may use this same guide for adding SAML. And for group membership, the steps are provided in this page too.


    Setting the role of a user based on their membership in a group is a two-step process. First, you create a new rule using the Send Group Membership as a Claim template. Second, you modify the definition generated by that rule slightly to create a custom rule that correctly passes the information to Zendesk.

    Please let us know if you have any further questions.

  • John Christian
    Comment actions Permalink

    Hi Shera!

    What parameters do I use for the custom rule for the light agents?

    Does the light agent still have the role (the claim) "agent" as the normal agents, or should they only have this custom rule?

    And what parameters do I use for the custom rule for the group membership?


Please sign in to leave a comment.

Powered by Zendesk