How can I set up multiple Zendesk SSO integrations in separate help centers?

Question

I have multiple help centers. How can I set up separate Zendesk SSO integrations for each?

Answer

The default Zendesk authentication method allows the creation of multiple SSO options. To set up multiple Zendesk SSO in separate help centers you can use the Let them choose option and show the different buttons for different SSO logins or you can follow the workaround below.

To create this workflow

Set a primary SSO method. The primary method is used when a user selects Login from your help center or navigates directly to the Sign in link.
Set a non-primary SSO method. The non-primary method needs users to login in using an IDP-initiated login, rather than an SP. This is for users starting at the SSO provider's log-in page, for example, Okta. The provider's log-in page can be used to authenticate into Zendesk and other sites.
Ensure IDP-initiated logins have the proper shared secret for JWT or certificate for SAML, and users will be authenticated.

For more information on how to host a script to allow multiple IDPs without requiring IDP- initiated logs, see the article: Multibrand - Using multiple JWT Single Sign-on URL's.

See the image below to compare the login steps of IDP and SP. The examples use SAML, but work similarly to JWT.

SP initiated login:

IDP initiated login:

Note: You can have both SAML and JWT enabled with JWT as the default. For example, create an “Agent tab" on your custom landing page for JWT.

For more information on SSO, see the resource page: Single sign-on.