In support, and especially B2B support, it's a fairly common to restrict specific content in your knowledge base and/or your contact form depending on who's currently connected to your account. For example, when supporting multiple companies, you don't want Company A to see Company B's knowledge base articles. Company C might be the only one allowed to see a specific Ticket Form. Or, perhaps, Company D would like a specific email template. Every company has different customizations and you need to stay on top of them all.
Today, I will show you how you can easily customize your end-users' knowledge base, email template,s and ticket forms in Zendesk Support once and for all. Better yet, I'll show you how to automate this process using single sign-on (SSO).
We'll do this in 4 sections:
Setting up JSON web token to enable single sign-on
To ease the process, we'll use single sign-on to create end users based on the information that you already have in your database. For example, since you know that Mr. Travis Bickle works for the organization BlueBerry, you consider him as a VIP and that information is already available in your database. We'll simply create the user in Zendesk Support on the fly and put it under the correct organization.
We'll then use that organization to restrict access to KB articles and/or tickets forms.
- In any product, click the Zendesk Products icon (
) in the top bar, then select Admin Center.
- Click the Security icon (
) in the left sidebar, then click the Single sign-on tab.
- For JSON Web token, click Configure.
- Set up JSON Web Token between your identity management system and Zendesk Support by following this guide (don't hesitate to use one of our open source scripts )
- Include the organization attribute in your JWT payload to create the end-user in the correct organization each time.
JWT claims hash: {"iat"=>xxx, "jti"=>yyy, "name"=>"Travis Bickle", "email"=>"t.bickle@gmail.com", "external_id"=>"5678", "organization"=>"BlueBerry", "tags"=>"vip", "locale_id"=>"8"}
You can see above an example response for Travis working at BlueBerry with the end-user profile tag vip . So at the moment that end user is connected on your website and clicks on the Support link, for example, we'll create said end-user account in Zendesk Support with the correct information, like this one:
Creating a restricted knowledge base
One the great benefits of the Help Center is to be able to create multiple Knowledge Bases and restrict access to them by the end-user's language, tag, or organization through one Zendesk Support instance. In this example, we'll focus on the organization BlueBerry from Travis.
- Sign into Zendesk as an administrator and click the Help Center icon (
) in the sidebar.
- Create your Help Center content and add a specific section for BlueBerry, to continue with this example.
- Restrict access to that specific section only to people working for BlueBerry.
Now only end-users in the organization BlueBerry will be able to access this content.
We could go even further now and already restrict access based on the end users with the Tag vip , for example. You have a bunch of possibilities within the same Help Center. Let's keep it simple for now.
Customizing the Help Center theme to hide/show ticket forms
Ticket forms are natively viewable by either all or no end users. Now we'll need to create ticket fields, add them to a form and use JavaScript to make the form automagically show/hide based on the end user connected.
- Click the Admin icon (
) in the sidebar, then select Manage > Ticket Fields.
- Create your ticket fields . Don't forget to set fields to "Editable" so your end users can see them.
- Create at least two ticket forms . Don't forget to make them viewable by your end users.
- We'll now work with the organization name, BlueBerry, the specific BlueBerry ticket form ID, and add some JavaScript to our Help Center.
Our colleague Robbert published a tip explaining how to hide/show fields. See here .
Find the ticket form ID
- Click the Admin icon (
) in the sidebar, then select Manage > Ticket Forms .
- Select the appropriate ticket form from your list of ticket forms.
- Find the ID number in the URL after the last slash.
Find the organization name
- Click the Admin icon (
) in the sidebar, then select Manage > People .
- Browse or search organizations to find the right organization name. We'll continue with our example, BlueBerry

Have fun with JavaScript
$(window).load(function() {
var i = 0;
var cZendesk = false; //assume user is not part of the BlueBerry Organization
//reserve space for additional organizations
var checkExist = setInterval(function() {
i++;
if ($("a.nesty-input").length){
clearInterval(checkExist);
$("a.nesty-input").each(function() {
$(this).bind( "click", function() {
for (var c in HelpCenter.user.organizations) {
if (HelpCenter.user.organizations[c].name == "BlueBerry"){
cZendesk = true; //if user is part of the organization called "BlueBerry", then set its variable to true.
}
//reserve space for additional organizations
}
if (!cZendesk){
$("#TICKET_FORM_ID").remove(); //replace the "TICKET_FORM_ID" with the proper id from the dropdown list. Leave the pound sign intact.
}
//reserve space for additional organizations
});
});
}
if (i > 10){
clearInterval(checkExist);
}
}, 100);
});
Important! You will have to edit the code above, please follow these steps.
- Replace "TICKET_FORM_ID" with the actual ticket form ID we found above.
- Replace "BlueBerry" with the actual organization you want the ticket form to show for.
- Copy the code block above.
- Paste the code into the JavaScript section of your Help Center .
- Save your template and publish changes to see the effects.
Customizing the look of outbound emails
This is optional, but you might also want to have a different look and feel of the emails being sent to Travis from BlueBerry compared to emails sent to "regular" customers. You can achieve this using Liquid Markup and triggers.
- Click the Admin icon (
) in the sidebar, then select Business Rules > Triggers .
- To continue with this example, let's create a trigger with conditions:
- Ticket is Created
- Organization is BlueBerry
- And actions:
- Add Tag blueberry
- You may want to remove your company logo, if you added one, in the email template under Channels > Email .
- Go back to Triggers, spot the default trigger called "Notify requester of received request", and clone it .
- In the conditions, add
- Tag contains one of the following values - blueberry
- Scroll down to the actions and modify the email being sent out
This is the original content:
Your request ({{ticket.id}}) has been received and is being reviewed by our support staff.<br /><br />To add additional comments, reply to this email.<br /><br />
This is the new content:
{% capture tags %}
{{ ticket.tags }}
{% endcapture %}
{% if tags contains 'blueberry' %}
<img src="https://LINK/TO/LOGO.png" /></center>
{% endif %}
Your request ({{ticket.id}}) has been received and is being reviewed by our support staff.<br /><br />To add additional comments, reply to this email.<br /><br />
We're using Liquid Markup to capture the Tags of the ticket and adding conditions to add different logos based on the tag present in the ticket. You can see a couple of other Liquid Markup examples here .
Final result
That's it! You can now rely on this customization to automatically create end-users via SSO from your identity management system. You'll know end-users will have access only to the information they should see and nothing else.
Now, let's see what Travis, the end-user from BlueBerry, can see compared to another end-user from a different organization.
Before (ticket submission):
After (ticket submission):
Before (knowledge base):
After (knowledge base):
Before (email):
After (email):
12 Comments
Is there any way to eliminate the drop down menu to select the Ticket Form? I only have two Ticket Forms in the system. One that is specific for one of our organizations and the other is our general purpose ticket. So basically if you are part of said organization you'll only ever see the one form and vice versa for the general purpose ticket for individual users which makes the drop down irrelevant.
Hey Steve!
Although this guide (https://support.zendesk.com/hc/en-us/articles/206977397) references multiple brands the concepts outlined here should still be applicable to your request. If you have further questions about the processes outlined in the article I've linked here I would recommend commenting there!
Is there any way to use the method above to restrict Customers' ability to attach files to tickets? i.e. One ticket form would allow attachments, but the other would not.
Thanks
Jeff.
Hey Jeff! Welcome to the Community!
It may be possible to do this with JS...I'm not sure whether it's something you'd be able to do on a per-form basis or not, though. I'm going to see if any of the coding gurus amongst our Moderators have any insight into this for you!
Hi Jessie.
I know it's been awhile, but were ever able to find someone who could address my question?
thanks,
Jeff.
Hey Jeff,
I was able to find some example JS that you could use to restrict access for certain users in the ServiceNow community. Along with that link, this community post should also help: Hiding attachment/system fields on ticket form.
We apologize for the delay in our response, and hopefully these links help!
Hi Patrick.
Unfortunately, the link to ServiceNow resulted in the following error message:
The content you requested cannot be displayed right now. It may be temporarily unavailable, the link you clicked on may have expired, or you may not have permission to view this page.
Would it be possible for you to provide the JS that you were referring to?
The other article was helpful.
Thanks
Jeff.
Jeff,
Try this direct link, https://community.servicenow.com/community?id=community_question&sys_id=7edb4be1db9cdbc01dcaf3231f96194d.
This should allow you access to view the post.
Hi There,
Good read! I do have a question and would love to hear some input. Our company currently has two apps so our end-users choose support from #1 or #2. Our ticket forms vary slightly between the two.
The difficulty that our Support Team faces is that our users do not utilize an email so SSO is not an option. However, we now offer SMS support so would we be able to utilize this feature?
Any insight would be greatly appreciated! Thanks.
Allison
Hi Allison,
I'm afraid that email would still be required for setting up SSO, as currently there wouldn't be an option to authenticate with just a phone number. The SSO/JWT options do require a unique identifier to be used to log in but at this time that would require an email address to use with that unique identifier. Sorry I didn't have better news about that!
Great article! I just had a quick question - is it possible to use SAML as the SSO option to accomplish the same goals? Or only JWT? Thanks!
Hey there, Rroper!
Yes, it is possible to use SAML. I found a related article you can refer to and follow on how to set that up.
https://support.zendesk.com/hc/en-us/articles/203663676-Enabling-SAML-single-sign-on-Professional-and-Enterprise-
Please sign in to leave a comment.