Zendesk support for cookie-restricted browsers (Safari, Chrome, Firefox)

Return to top
Have more questions? Submit a request

74 Comments

  • Aaron Parker

    Tiago Soromenho do you understand the technical implementation of vanity domain logon for Zendesk and how Safari's ITP/Chrome's same-site cookie changes work? It's not a simple fix and Zendesk are by far not the only SaaS webapp hit by this issue - the problem stems from the fact that you browse your helpdesk via your vanity domain but the signin itself is handled by zendesk.com and it is the passing of your valid login session between the two domains that Safari and Chrome have started blocking.

    Safari technical preview (beta version effectively) has resolved this issue and indeed I can now login via Safari once again. I've not tried Chrome in a while as it isn't my primary browser but I'm sure that the team working on this are trying various methods to get it working - the important thing to remember is that we are talking about the login system for everyone's Zendesk account so they have to ensure thorough testing before implementing a fix which is likely a big rework of the login process rather than a simple few lines of code.

    I get that you are angry but suggesting an entire team is fired is unfair

    8
  • Chet Farmer

    Add my voice to the chorus calling you out, Zendesk, for requiring a reduction in browser security in order to use your product. I cannot and will not mandate that for our org or our customers; it's a bad practice.

    As is, it's impossible to log into Zendesk from the browser on my iPad, or from Safari on my Mac. That's totally unacceptable. I mean, on the broad web (ie, not limiting to desktop) Safari is the #2 browser, with nearly 20%.

    Fix this.

    8
  • Aaron Rector

    We also have customers who aren't happy that they have to allow 3rd party cookies and/or allow cross-site tracking in order to get into our help center pages. When they have to lower the security stance in their browsers just to get support from us, it ends up making it look like we're not concerned about good security practices. It would be nice to see an update that removes these issues soon.

    6
  • Tiago Soromenho

    On the instruction from this post: "It is safe for them to click the link and restart the sign in."

    The problem is that the link does absolutely nothing.  (Chrome or Safari. Private mode or not. Cookies cleared or not.)   However, I am able to login on another computer, so it's certainly something that Zendesk drops on our computers. The link is supposed to reset a cookie, but that is certainly not working. Probably this is all a very bad Auth token implementation, and clearing cache and cookies does not remove bad auth access token.  I haven't seen any suggestions to resolve the issue user-side that work...

    5
  • Steve Wolaver

    What if our organization doesn't support other browsers? How long before you will have a fix for Safari?

    5
  • Tobias Linder-Geiger

    Hi Lisa Kelly

    I have created a ticket concerning this issue on October 8th. This is now open for 6 months and all my users are so frustrated and ask me weekly if we should switch to another helpdesk solution. But considering the amount of workflows we have created around Zendesk and the all the data that is in if from the last 9 years I am still reluctant.

    Zendesk should help us being better at solving the technical issues our users have and not create new ones! 

    BTW: I requested again a status today and got the same answer like in January: The engineers war working on a solution but there is no ETA. I really don't get how such a serious issue gets no high priority.

     
    4
  • Chet Farmer

    By its silence, Zendesk is making it clear that they are not willing to prioritize this problem.

    That's really unfortunate. Insisting that people reduce the security settings of their browser to use Zendesk is unacceptable, especially when the browser in question is the 2nd most popular option when mobile devices are taken into account.

    The combination of "Zendesk is broken in Safari" and the woeful state of the ZenDesk iOS app means that Zendesk is utterly unusable on an iPad. Who thought THAT was a good plan?

    If Zendesk has any intention of fixing this, they should set a timeline and stick to it. If they don't, they should say so, so that those of us who have many Safari users -- or who just wish to use ZenDesk on the go with an iOS device -- can migrate to some other service.

    3
  • Susan Puckett

    I get regular feedback on this issue from our CUSTOMERS.  I heard it twice this week.  Yes, they can use Chrome on the Mac, but their preference is Safari.  We're trying to build engagement in our community, but when they go to just sign in they hit a wall.  It's unfortunate that this hasn't been resolved. We want it to be a positive experience using the browser they prefer.  Hope this can be moved up on the roadmap sooner than later.

    3
  • Ward Clark

    Lisa Kelly, Devan - Community Manager and @Brett,

    Please let your Marketing and Sales colleagues know that I recently added "check out Zendesk for supporting my consulting clients" to my OmniFocus task list.

    Then, a few days ago, I was unable to log into the support desk for an app that's critical for my business.  I found the "End users can't sign in with Safari" topic, which led me here.  I can't imagine telling my clients they must disable an important security feature or use another browser.  And it's a huge red flag that discussion in that "End users" topic has been going on for the past 3 months with no resolution in sight.

    I just asked Google to find "alternatives to zendesk" and was pleased to see I have many to choose from.

    3
  • Kevin Arnoult

    "We'll provide another status update the week of May 11."

    Hi Nicole, any update on this by any chance? Thanks!

    3
  • Traian Vila

    Is there any plan to address this ?
    As you probably know, it's pretty common in corporate networks (and security conscious users) to enforce having 3rd party cookies disabled. This is stopping us using the host mapping feature where it's needed the most.

    I understand you need essential cookies enabled but requiring third party cookies in order to be able to login is a very abusive approach. I'm not even mentioning that your cookie policy is not mentioning the requirement for 3rd party cookies for login: https://support.zendesk.com/hc/en-us/articles/360022367393-Zendesk-In-Product-Cookie-Policy

    Thanks !

    3
  • Derek Ardolf

    Nicole S. , Caroline Kello 

    Per the comment here (and all of the comments, in general) when it comes to Safari problems: https://support.zendesk.com/hc/en-us/articles/360034788653/comments/360004629033

    > "We'll provide another status update the week of May 11."

    Has there been any progress on this?

    It looks like there hasn't, and that the only workarounds that will potentially work for Safari users are:

    • Have at least version 13.0.5 of Safari
    • Enable cross-site tracking globally (which is asking users to modify security settings that can be harmful). This involves disabling the enabled-by-default Safari setting of "Prevent Cross-Site Tracking"

    It sounds like others potentially have had luck without having to enable cross-site tracking globally by either:

    • Clearing all cookies, or
    • Opening Safari in private browsing mode

    But, I don't have a Safari browser to test at the moment, and I haven't seen other users verifying this.

    Are these findings correct?

    Is ZenDesk actively working toward native, seamless functionality with Safari still? If so, can we get these continued updates on progress as suggested?

    3
  • Sam Bellach

    Brett Bowser can you please add me to this ticket?  We are having the same issue arise with one of our users, who is also reporting that clicking the link and restarting sign in is doing absolutely nothing. 

     

    Is there any progress that has been made on this issue?  What instructions should i be giving her?  Also, is there a reason why this Feb 17 roll-out of something that could impact user sign-ins was not sent out to all Zendesk Admins?  Google Chrome is a very common browser and this is a core/critical function that needs to happen, for users to be able to successfully sign in to see their tickets. 

     

    Tiago Soromenho -- were you able to achieve any kind of resolution for your impacted user? 

    3
  • Tobias Linder-Geiger

    Kevin Tauber I totally agree with you. Promising an update and not delivering is really a no-go. But sadly I'm very much looked in with Zendesk. We have thousands of users and so much history inside Zendesk that I'm really reluctant about switching to another plattform. 

     

    2
  • Steven Englehardt

    Hello,

    I'm a browser engineer working on Firefox, and users of the pre-release versions of our browser experience the same breakage as Safari users experienced before this fix. Users of the normal release version of the browser may soon experience the same breakage on zendesk-supported sites. I've love to work with you to get ahead of that.

    Firefox also supports the Storage Access API, and it requires less intermediate steps to use it in Firefox than are required in Safari. I've posted a summary of the differences necessary here: https://bugzilla.mozilla.org/show_bug.cgi?id=1540810#c29. Our implementation of the Storage Access API is fully documented here: https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess.

    I'm happy to engage further if you have any questions.

    2
  • Kevin Tauber

    Don't tell people you're going to give an update and never bother. When I signed up for Zendesk this issue was pending a resolution and I decided to give you guys the benefit of the doubt. With this issue and other issues I've tried getting support on it's clear that Zendesk is going to be a big waste of my time and money so I'm cancelling. My so called account manager recently tried helping me with a billing issue I'm having (after no response for two whole weeks and me having to followup to get one) he has proven to be either completely incompetent or he just doesn't care... either way I'm out of here.

    2
  • Tobias Linder-Geiger

    Hi Lisa Kelly

    Can you please give us an update. Nicole wrote "We'll provide another status update the week of May 11." and now it's end of June.

    2
  • Javier S López

    For whatever is worth, I just tried to sign in using Safari after disabling "Prevent cross-site tracking" and it finally let me in after 3 or 4 attempts. I had stopped using Safari for Zendesk for exactly this problem but it seems the issue is not consistent; it works sometimes.

    2
  • Ward Clark

    This problem is not only frustrating the companies currently using Zendesk and their customers, it's also silently affecting Zendesk sales.

    Given the popularity of Zendesk, I was looking at using it to automate client support for my consulting practice.  I halted that plan when I was unable to access Backblaze support using Safari.  Google quickly led me to this topic – see my earlier comments.

    2
  • Dan Ross
    Community Moderator

    Hey Chet Farmer,

    Zendesk's solution here is reasonable, IMO. Rather than forcing the user to allow all cookies like was previously required, they're requesting specific access for Zendesk via the Storage Access API, a much better solution.

    By asking the user to specifically allow only Zendesk to do this, you're not weakening the entire browser's security like we had to before by choosing an all or nothing cookie policy. If you trust Zendesk (and if you're using the platform, it's a reasonable assumption you do) this shouldn't be an issue to enable. Yes, it's an extra step, but it sounds like it's a one-time step from Caroline Kello's description.  If you choose to keep the more restrictive Safari defaults in place, they continue to apply and protect you elsewhere on the web, you're just giving Zendesk a trusted exception.

    Most modern applications on the web will require cookies to track user sessions and information, the idea that Zendesk operate in a cookie-less manner would be a pretty massive technical feat to pull off. In the meantime, we'd get nothing because it would take months if not years to do. I'm sure there are many other features we would like to see worked on in the meantime.  IMO this change strikes a good balance between security, flexibility and speed of delivery.

     

     

    2
  • Chet Farmer

    That's not a solution.

    "So it's probably due to a confluence of various factors that we all have in common, but most others do not. "

    That's being entirely to charitable, because it suggests the problem isn't well-understood. It is. It's trivial to recreate.

    Zendesk is just choosing not to do anything about it.

    2
  • Tiago Soromenho

    As Lisa Kelly mentioned, there is a stickiness to Zendesk that makes it hard to migrate away from it (existing integrations, customer workflows, etc.) and so we still trudge along looking for the first opportunity to use a new/different solution.  What is odd is that some co-workers on similar hardawre/software (2012-2018 Macbook Pros, macOS Catalina, latest or close to latest versions, latest Safari or Chrome, etc.) have no issues. And some others. like me, do. In those computers that do, browser caches, cookies, local storage, etc. have been cleared, several times, with reboots, with no effect.  I have a Macbook Pro running MacOS 10.15.4, with Safari Version 13.1 and Chrome v81.0.4044.92 (Official Build) (64-bit) and the problem still occurs. It doesn't seem related to browser or OS versions, but it does seem related to the browser and as Firefox on my computer works fine, although on a co-worker using same macbook, same OS and Safari and Chrome version, it works for them.  Nor is it specific to a login, as I can login in a co-worker's computer, and they also can't login on mine. And it happens on no other service, and I do use different services with vanity domains / or subdomains (freshbooks, zoho, etc.). I can login to this "root" zendesk support, but not our account's. It does seem to be specific to some piece of info that is dropped by Zendesk on those browsers (Safari and Chrome, not Firefox) regarding a specific account, and that clearing caches etc. does not remove.  Question is, what is it, and can we manually remove it to reset those browsers?  If anyone has any info on a file or folder hidden deep within our computers that we can remove and solve this issue, let us know!

    2
  • Tobias Linder-Geiger

    Hi Devan - Community Manager
    Thanks for letting me know that this issue is not forgotten. Let's hope change is happening soon.

    2
  • Matt Davis

    Dear ZenDesk: We have already begun the transition away from your services because of this issue. This is a one way trip that we put off for months. Our entire team has stopped recommending ZenDesk as a viable solution when people ask and have already warned others that were considering ZenDesk away - not only because of the issue but that the issue persists and has persisted this long.

    2
  • Michael Bierman

    It is truly unbelievable that this issue hasn’t been resolved by now. 

    Most of the companies I know use zendesk for resolving customer issues. The failure to be able to login compounds the customer’s frustration because before they can deal with the issue that brought them to the zendesk portal they have to figure out how to login at all. At first I was frustrated with the companies I have relationships with until I realized their only fault was depending on zendesk in the first place.

    This issue has been going on for over 18 months if I’m not mistaken. It is amazing that this was not a crop everything, holy s$#t fire drill. This is crucial to your mission.

    As of right now Chrome and Microsoft Edge don’t work at all on iOS. Safari and Firefox work, but only if you do the multiple clock ‘Continue’ dance. On macOS chrome does work but safari still requires the “Continue” two step process.

    chrome + edge have almost an 80% market share on desktops and 50% on tablets. How is it possible that this hasn’t been addressed yet? 

    I can’t believe in today’s world I have to switch browsers and perform ridiculous rituals just to logon to a support portal.

    I can’t say I would ever choose or recommend zendesk based on the user experience it provides. Unfortunately, I do have to use it for some interactions. Perhaps it is the indirect relationship you have with many of the end users has shielded you from the pain that this brings to users. 

    2
  • Valerie Nuñez

    Any updates here? I have a customer who refuses to let me close their ticket with our team until this is fixed.

    1
  • Steve Wolaver

    Since upgrading to Safari 13.0.5, mine works too. What is so disappointing about this episode is (1) Zendesk didn't do anything to correct the underlying issue, they let Apple do it, (2) you still have to enable cross-site tracking, which I don't like, and (3) most importantly, they are completely tone-deaf when it comes to their customer comments, complaints and requirements. The response to this whole issue is "our way or the highway". Like Tiago, I am taking the highway.

    1
  • Lisa Kelly
    Zendesk Documentation Team

    Hi Ward. I have passed your comment along to our Product Management team. 

    1
  • Chet Farmer

    Er, yeah, you definitely were. This has been a well-understood problem from day one. Nobody was confused about the cause.

    Caroline, ZenDesk made a commitment to provide an update by a certain time, and then failed to meet that commitment. Now you ask us to wait again for mid-July, which I just assume at this point actually means late August.

    I'll believe it when I see it.

    1
  • Caroline Kello
    Zendesk Product Manager

    Hey folks, 

    I'm Caroline from the Product team and I wanted to catch you up on the work that the team has been doing so far. Internally we are actively looking at how we can resolve the Safari issues our customers are reporting; we've investigate and spiked the Storage Access API that Safari has offered as the solution, but we've come to discover that the user experience is utterly confusing and something that we need to carefully consider if we want to implement. Our next step is looking at how we render the login page and if there's anything we can do with how that's architectured, but it's a tricky and arduous undertaking.

    We've also reached out to Apple, and the Safari teams in particular, to set up a meeting and to help us understand what advice and guidance they might have. For obvious reasons that's taking some time as well.

    I appreciate your patience and I understand the frustration. Thanks, Caroline.

    1

Please sign in to leave a comment.

Powered by Zendesk