I have multiple help centers. How can I set up separate Zendesk SSO integrations for each?
The default Zendesk authentication method allows the creation of two SSO options, but directs users only to the primary SSO method for login, for example when they select the Sign-in link in a help center or navigate directly to the sign-in page. For more information, see the article: Using different SAML and JWT SSO single sign on configurations.
Follow the workaround below to set up multiple SSO configurations in separate help centers.
To create this workflow:
- Set a primary SSO method. The primary method will be used when a user selects Login from your help center or navigates directly to the Sign-in link.
- Set a non-primary SSO method. Users of the non-primary method must log in with an IDP-initiated login rather than an SP-initiated one. This is for users starting at the SSO provider's log-in page, for example, Okta. The provider's log-in page can be used to authenticate into Zendesk and other sites.
- Ensure IDP-initiated logins use the proper shared secret for JWT or certificate for SAML, so that users are authenticated.
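The last step is where a two-configuration setup usually fails: a token signed with one configuration's shared secret does not validate under the other. The sketch below is an added example, not Zendesk's or the article's code. It mints an HS256 JWT on the IDP side and runs the checks a receiving side would apply; the claim names (`iat`, `jti`, `email`, `name`) follow Zendesk's JWT SSO format as an assumption not stated in this article, and the secrets, the `max_age` window and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time, uuid

# Constructed secrets, one per SSO configuration (hypothetical values).
SECRETS = {"primary": "constructed-secret-A", "non_primary": "constructed-secret-B"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint_jwt(email, name, secret, now=None):
    """IDP side: sign an HS256 token with the secret of one SSO configuration."""
    claims = {"iat": int(time.time() if now is None else now),
              "jti": uuid.uuid4().hex, "email": email, "name": name}
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + _b64(_sign(signing_input, secret))

def verify_jwt(token, secret, seen_jti, now=None, max_age=180):
    """Receiving side, sketched: return the claims or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head)).get("alg")
        got = _unb64(sig)
    except Exception:
        raise ValueError("malformed token")
    if alg != "HS256":  # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    # Check the signature before trusting anything in the body.
    if not hmac.compare_digest(_sign(head + "." + body, secret), got):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if abs(now - claims["iat"]) > max_age:  # max_age is an assumed window
        raise ValueError("stale iat")
    if claims["jti"] in seen_jti:  # each token is single use
        raise ValueError("replayed jti")
    seen_jti.add(claims["jti"])
    return claims
```

A "bad signature" result for a token that validates under the other configuration's secret means the IDP is signing for the wrong SSO configuration.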
For more information on how to host a script to allow multiple IDPs without requiring IDP-initiated logins, see the article: Multibrand - Using multiple JWT Single Sign-on URL's (Professional Add-on and Enterprise).
See the images below to compare the login steps of IDP-initiated and SP-initiated logins. The examples use SAML, but JWT works similarly.
SP initiated login:
IDP initiated login:
For more information on SSO, see the resource page: Setting up single sign on.