How can I prevent agents in one group from seeing another group's tickets? (for example, keeping HR tickets separate from other teams)
There are two ways to implement such workflow in your company.
- Build on main instance
You can create different Groups within your account and make sure agents can only see the tickets assigned to their groups.
To create a group
- Click the Admin icon () in the sidebar, then select People.
- Select Add group.
- Enter a group name.
- Select the agents you want to add to the group.
- Click Create group.
When you add agents you can define their privileges in their profile page. One of those privileges is called Access. This defines the agent's access. For the purpose of this article, these agents should have access to Tickets in agent's groups.
This solution keeps the admins under the same interface, managing all departments within the same account. However, each admin will have access to data from all groups. In such workflow, there is a lot of remediation and work to be done to keep the departments totally separated.
Finally, agents will always be treated as agents, which means that if the agent is the requester of a ticket of a different group, the system will send internal notes notifications for that ticket. This also means, an agent won't be able to request tickets through the Help Centre because the ticket form is only available to end-users.
- Build on two instances
To keep the sensitive data private without a lot of effort, you can purchase two different accounts. This solution makes it easier to change workflows in your instances.
Unfortunately this also means that any SSO customisation would become more complicated too, because Active Directory needs to be connected to two instances.
If you need to share a ticket between two instances, you can set up a sharing agreement between both accounts. A sharing agreement grants another account permission to work on your tickets (see Sharing tickets with other Zendesk Support accounts).