Setting up SSO for host-mapped domains

Return to top
Have more questions? Submit a request


  • Shane Pinnell

    So I'm having an issue where my host mapped URL ( redirects to SAML based login, but the SAML provider (Google) returns an error of:


    403. That’s an error.

    Error: app_not_configured_for_user

    Service is not configured for this user.


    Everything works fine when using Google's link for accessing Zendesk which points to the Zendesk URL and not my custom mapped domain.

  • Brett Bowser
    Zendesk Community Team

    Hey Shane,

    We made a change on our end that should hopefully resolve the issue you're experiencing.

    Can you confirm whether or not you're still experiencing issues with logging in?

    May need to do a quick browser refresh as well.

    Keep me posted!

  • master user


    I am experiencing the same 403 Error that Shane experienced above.  After configuring SSO using your documents, everything worked great for weeks.  Then about a week ago we noticed that SSO failed and generated the 403.  Today it worked only using Safari vice Chrome, but then it failed again.  Please investigate.


  • Phil Calvin

    The default Entity ID Google suggests, https://{domain}, is not correct. It needs to match what Zendesk passes during SP-initiated login, which does not include the protocol:

    <?xml version="1.0"?>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="samlr-scrubbed" IssueInstant="2020-09-10T15:12:09Z" Version="2.0" AssertionConsumerServiceURL=""><saml:Issuer></saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></samlp:AuthnRequest>

    Make sure Entity ID is set to on the Google/G Suite side if you get this error.

  • Maggie

    To confirm - we can still using a custom help center domain and SSO, it's just that when coding up the SSO we need to use the zendesk domain? Does that mean we cannot redirect to our help center at a custom domain?

  • Brett Bowser
    Zendesk Community Team

    Hey Maggie,

    If I'm understanding you correctly, you should be able to set up SSO while host-mapping your Help Center without issue. While the SSO settings will point to the default Zendesk subdomain, users should be redirected to your host-mapped URL after being logged in.

    Let me know if I'm misunderstanding your question!


Please sign in to leave a comment.

Powered by Zendesk