English (US)
  1. Zendesk help
  2. Support
  3. Advice and troubleshooting
  4. User access and security

Setting up SSO for host-mapped domains

Kate Hastings
  • Edited

Question

If my Help Center is host-mapped, do I set up the SSO to point at the host-mapped domain?

Answer

No, you will still set up the SSO to direct to your subdomain.

.zendesk.com

For more information on SSO, see SSO (single sign-on) options in Zendesk.

Note: You can enter your subdomain above only if you are viewing this article in our Help Center. If you're viewing this article in the Web Widget, click the arrow icon () in the upper-right hand corner of the Web Widget to open this article in a new browser tab.
Return to top
Have more questions? Submit a request

6 Comments

  • Shane Pinnell

    So I'm having an issue where my host mapped URL (helpdesk.mycompany.com) redirects to SAML based login, but the SAML provider (Google) returns an error of:

     

    403. That’s an error.

    Error: app_not_configured_for_user

    Service is not configured for this user.

     

    Everything works fine when using Google's link for accessing Zendesk which points to the Zendesk URL and not my custom mapped domain.

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Shane,

    We made a change on our end that should hopefully resolve the issue you're experiencing.

    Can you confirm whether or not you're still experiencing issues with logging in?

    May need to do a quick browser refresh as well.

    Keep me posted!

    0
  • master user

    Greetings

    I am experiencing the same 403 Error that Shane experienced above.  After configuring SSO using your documents, everything worked great for weeks.  Then about a week ago we noticed that SSO failed and generated the 403.  Today it worked only using Safari vice Chrome, but then it failed again.  Please investigate.

    Jeff

    0
  • Phil Calvin

    The default Entity ID Google suggests, https://{domain}.zendesk.com, is not correct. It needs to match what Zendesk passes during SP-initiated login, which does not include the protocol:

    <?xml version="1.0"?>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="samlr-scrubbed" IssueInstant="2020-09-10T15:12:09Z" Version="2.0" AssertionConsumerServiceURL="https://yourdomain.zendesk.com/access/saml"><saml:Issuer>yourdomain.zendesk.com</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></samlp:AuthnRequest>

    Make sure Entity ID is set to yourdomain.zendesk.com on the Google/G Suite side if you get this error.

    0
  • Maggie

    To confirm - we can still using a custom help center domain and SSO, it's just that when coding up the SSO we need to use the zendesk domain? Does that mean we cannot redirect to our help center at a custom domain?

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Maggie,

    If I'm understanding you correctly, you should be able to set up SSO while host-mapping your Help Center without issue. While the SSO settings will point to the default Zendesk subdomain, users should be redirected to your host-mapped URL after being logged in.

    Let me know if I'm misunderstanding your question!

    0

Please sign in to leave a comment.

Related articles

Powered by Zendesk