Single Sign On (SSO) with Zendesk Sell can be set up with any SAML 2.0 compliant identity provider, eliminating the need for your users to remember a separate password for Sell. SSO configuration is available on the Sell Elite plan only.
SSO helps simplify identity management and increases security compliance with your organization's policies. If you're already using an identity provider such as Okta, OneLogin, or PingIdentity, setting up SSO with Zendesk Sell is straightforward. You can choose any SAML compliant identity provider with Sell if you don't already have one set up.
For guidance on setting up ADFS with Sell, see Configuring Microsoft ADFS Single Sign On (SSO) with Sell.
You need admin rights to set up SSO in Sell.
Single Sign On can be enabled for your entire account from Settings > Integrations > Single Sign On, however depending on your account, there are two ways that you can set up SSO in Sell.
- For Zendesk Sell accounts (that is, if your Sell account was created after January 7, 2020, or has been migrated to Zendesk), see Zendesk Sell accounts: setting up SSO
- For Sell Legacy accounts (that is, if your Sell account was created before January 7, 2020, and has not been migrated to Zendesk), see Sell Legacy accounts: setting up SSO
For more information about whether you are on a Zendesk Sell or Sell Legacy account, see Understanding account changes for migrated Sell accounts.
Zendesk Sell accounts: setting up SSO
For Zendesk accounts, all SSO settings are managed through the Zendesk Admin Center.
To set up SSO
- If you have multiple Zendesk products, you can access the Admin Center directly from your Product Tray.
Alternatively in Sell, click the Settings icon (), then select Integrations > Single Sign On.
- Click Configure. A new window opens for the Zendesk Admin Center.
- Follow the guidance in Enabling SAML SSO to set up SSO.
See Managing security settings in Admin Center for more information.
Sell Legacy accounts: setting up SSO
For Legacy accounts, all SSO settings are managed directly in Sell.
To set up SSO
- Click the Settings icon (), then select Integrations > Single Sign On.
- Click Configure. You'll see the Zendesk Sell account UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL information on this page. You'll need to provide this information to your identity provider.
- Select Automatic Setup or Manual Setup.
- If you select Automatic Setup, enter the metadata URL for your identity provider. Most identity providers offer one URL to transfer this information.
- If your Identity Provider doesn't provide a single URL for configuration, select Manual Setup, enter the following information:
- Click Save.
Your SSO settings are configured.
The following table lists the parameter name, parameter value and any comments about each SSO setting.
Parameter Name Parameter Value Comments Single Sign On URL Service Provider Assertion Consumer Service URL value from Zendesk Sell settings
This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.
The same value should be used for Recipient URL and Destination URL if these are defined independently.
Audience Restriction Service Provider Issuer ID value from Zendesk Sell settings This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration. NameID Format EmailAddress Application Username Response Signed Assertion Signed & Encrypted Signature Algorithm RSA-SHA1 Digest Algorithm SHA1 Single Log Out URL Leave this empty, as it is not supported. Default RelayState Leave this empty, as it is not supported.
Logging in to Zendesk Sell with SSO enabled
With SSO enabled, users continue to log in to Zendesk Sell from their default login page, but you'll need to enter the email address registered to Sell, that is, your login email.
Zendesk Sell automatically verifies the email address against your identity provider, and if you're already logged in to your identity provider, you'll be automatically logged into Sell.
If you're not already logged into your identity provider, you'll be redirected to their login page to enter your login details. As soon as you're authenticated, you'll be automatically logged into Zendesk Sell.
If you're logging in from a Sell mobile app, enter your Zendesk Sell email address in order to begin the sign in process on your device. Depending on your device, you'll be redirected to your browser or your identity provider's app to complete sign in.
If you're an administrator on your Zendesk Sell account, you'll be able to select an option to log in with an email and password on the login page. All non-administrator users will need to use SSO to log in.
You need administrator rights to change the email address registered to Sell. Non-admin accounts won't be able to change the email address used to log in.