If your organization uses Microsoft ADFS, you can configure Zendesk Sell for SSO. This article explains how to set up the ADFS connection, create claim rules in Sell, edit your trust settings, and configure SSO in Sell.
This article contains the following topics:
- Setting up a relying party trust
- Creating claim rules
- Setting the secure hash algorithm
- Configuring SSO in Sell
Setting up a Relying Party Trust (RPT)
The connection between ADFS and Sell is defined using a Relying Party Trust (RPT). You set this up in ADFS using a wizard.
Set up an RPT
- Launch Microsoft AD FS Management. From the Actions side bar, select the Relying Party Trusts folder, and click Start. This starts the configuration wizard for a new trust.
- In the Select Data Source screen, select the last option: Enter Data About the Party Manually. Click Next.
- Enter a display name that you'll recognize in the future, and any notes, and click Next.
- Select AD FS profile, and click Next.
- Click Next to keep the default certificate settings.
- Check Enable support for the SAML 2.0 WebSSO protocol.
The service URL is your Zendesk Sell Service Provider Assertion Consumer Service URL. See Setting up Single Sign On (SSO) with Zendesk Sell to find the service URL.Note: Remove any trailing slash at the end of the URL.
Add a relying party trust identifier using your Zendesk Sell Service Provider Issuer ID and click Next.
Select whether you want to configure multi-factor authentication and click Next.
Select the option to permit all users to access this relying party, and click Next.
On the next two screens, the wizard displays an overview of your settings. Click through to the final screen. Close to save and exit and open the Claim Rules editor.
Creating claim rules
You can create the claim rules and update the RPT with minor changes that you did not configure in the previous wizard. Configure the claim rules according to your current ADFS setup.
Setting the secure hash algorithm
Set the secure hash algorithm for the RPT
- In Microsoft AD FS Management, from the Actions side bar, select Properties while you have the RPT selected.
- Select the Advanced tab and set SHA-256 or SHA-1 as the secure hash algorithm.
Configuring SSO in Sell
The final task is to configure SSO in Sell. See Setting up Single Sign On (SSO) with Zendesk Sell for details.