Question
If my Help Center is host-mapped, do I set up the SSO to point at the host-mapped domain?
Answer
No, you will still set up the SSO to direct to your subdomain.
.zendesk.com
For more information on SSO, see SSO (single sign-on) options in Zendesk.
Note: You can enter your subdomain above only if you are viewing this article in our Help Center. If you're viewing this article in the Web Widget, click the arrow icon (
) in the upper-right hand corner of the Web Widget to open this article in a new browser tab.

6 Comments
So I'm having an issue where my host mapped URL (helpdesk.mycompany.com) redirects to SAML based login, but the SAML provider (Google) returns an error of:
403. That’s an error.
Error: app_not_configured_for_user
Service is not configured for this user.
Everything works fine when using Google's link for accessing Zendesk which points to the Zendesk URL and not my custom mapped domain.
Hey Shane,
We made a change on our end that should hopefully resolve the issue you're experiencing.
Can you confirm whether or not you're still experiencing issues with logging in?
May need to do a quick browser refresh as well.
Keep me posted!
Greetings
I am experiencing the same 403 Error that Shane experienced above. After configuring SSO using your documents, everything worked great for weeks. Then about a week ago we noticed that SSO failed and generated the 403. Today it worked only using Safari vice Chrome, but then it failed again. Please investigate.
Jeff
The default Entity ID Google suggests, https://{domain}.zendesk.com, is not correct. It needs to match what Zendesk passes during SP-initiated login, which does not include the protocol:
<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="samlr-scrubbed" IssueInstant="2020-09-10T15:12:09Z" Version="2.0" AssertionConsumerServiceURL="https://yourdomain.zendesk.com/access/saml"><saml:Issuer>yourdomain.zendesk.com</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></samlp:AuthnRequest>
Make sure Entity ID is set to yourdomain.zendesk.com on the Google/G Suite side if you get this error.
To confirm - we can still using a custom help center domain and SSO, it's just that when coding up the SSO we need to use the zendesk domain? Does that mean we cannot redirect to our help center at a custom domain?
Hey Maggie,
If I'm understanding you correctly, you should be able to set up SSO while host-mapping your Help Center without issue. While the SSO settings will point to the default Zendesk subdomain, users should be redirected to your host-mapped URL after being logged in.
Let me know if I'm misunderstanding your question!
Please sign in to leave a comment.