English (US)
  1. Zendesk help
  2. Account
  3. Account advice and troubleshooting
  4. How to fix access issues

How can I set up multiple Zendesk SSO integrations in separate help centers?

Alexander Popa
  • Edited
Zendesk Engineering

Suite Growth, Professional, Enterprise, and Enterprise Plusprofessional enterprise plans

Question

I have multiple help centers. How can I set up separate Zendesk SSO integrations for each?

Answer

The default Zendesk authentication method allows the creation of two SSO options, but only directs users to a primary SSO method for login. For example, selecting the Sign-in link in each help center or navigating directly to the sign-in page. For more information, see the article: Using different SAML and JWT SSO single sign on configurations.

Follow the workaround below to set up multiple SSO configurations in separate help centers. 

To create this workflow

  1.  Set a primary SSO method. The primary method will be used when a user selects Login from your help center or navigates directly to the Sign-in link.
  2. Set a non-primary SSO method. The non-primary method will need users to login in using an IDP-initiated login, rather than an SP. This is for users starting at the SSO provider's log-in page, for example, Okta. The provider's log-in page can be used to authenticate into Zendesk and other sites.
  3. Ensure IDP-initiated logins have the proper shared secret for JWT or certificate for SAML, and users will be authenticated.

For more information on how to host a script to allow multiple IDPs without requiring IDP- initiated logs, see the article: Multibrand - Using multiple JWT Single Sign-on URL's (Professional Add-on and Enterprise).

See the image below to compare the login steps of IDP and SP. The examples use SAML, but work similarly to JWT.

SP initiated login:
SP_Initiated_login_workflow_flow_chart.png
IDP initiated login:
IDB_Initiated_Login_flow_chart.png

Note: You could also have both SAML and JWT enabled with JWT as the default. For example, create an “Agent tab" on your custom landing page for JWT.

For more information on SSO, see the resource page: Setting up single sign on.

Return to top

6 Comments

  • Joseph DiNardo

    +1 to Tomer's comment - we have two help centers, and would like to use a separate SAML-based SSO for each (not JWT).

    1
  • Tomer Ben-Arye

    Ben Adelmann,

    Mind sharing more data and information, any base instructions of how you implemented it?
    We're looking for a guide for adding the second SAML implementation, and this article is too shallow and we need more details on the implementation.

    1
  • Ben Adelmann

    In testing this I've found that there is another requirement for SAML auth to work aside from just passing the expected certificate. The entity id passed in a saml idp-initiated login must match the primary sso method's entity id.

    1
  • Canming Jiang

    Joseph DiNardo

    We provide a 3rd-party solution that can help you achieve this goal. Check out our demo video to see our solution in action: https://www.youtube.com/watch?v=HYrc-cPtBfk.

    If you're interested in learning more, please don't hesitate to reach out. We'd be happy to answer any questions you may have and provide more information about our solution.

    0
  • Tkachev Oleg

    > keep the JWT as the default one and create an “agent tab" on your custom landing page for JWT.

    How to organize this tab? Is it just an URL like an */access/normal/ ?

    0
  • Cheeny Aban
    Zendesk Customer Care

    Hi Tkachev Oleg,

    Thank you for creating a post on our community.

    You may need to create a custom login button on your page that will log in agents through JWT. That is because JWT is linked based on user credentials.

    I hope that helps!

     

    0

Please sign in to leave a comment.

Powered by Zendesk