Okta supports single sign-on for Zendesk using SAML (Secure Assertion Markup Language). For many of the settings used to configure single sign-on in Okta, you'll find much more detailed information in the Okta user interface. For more about Single sign-on using SAML support in Zendesk, see Enabling SAML single sign-on.
Configuring SAML must be done in both in your Okta account and in Zendesk. You start in Okta first and get the SAML information you'll need to complete the configuration in Zendesk.
Configuring SAML in Okta
Sign in to Okta as an administrator and then follow the steps below.
To configure SAML for Zendesk in Okta
- In Okta, from the drop-down list in the upper-right corner, make sure you are using the Classic UI interface (not the Developer Console).
- Select Add Applications from the dashboard.
- Click Add Application, then search for and choose Zendesk. The Add Zendesk wizard appears.
- On the first screen, General Settings, add a name for the application and your Zendesk subdomain. For example, if your Zendesk URL is mycompany.zendesk.com, enter mycompany). Click Next.
- On the second screen, Sign-On Options, select SAML 2.0. This is where you'll find the SAML SSO URL, the Remote logout URL, and the Certificate fingerprint. You need this information to complete the SAML setup in Zendesk.
- Click the SAML 2.0 setup instructions for Zendesk link.
A page appears with instructions on how to configure SAML in Zendesk. See Configuring SAML in Zendesk below for the latest information.
- Copy the SAML SSO URL, the Remote logout URL, and the Certificate
fingerprint.
You need this information to configure SAML in Zendesk. When you've finished copying, close this window and return to your Okta dashboard.
- (Optional) If you enable User Management, you'll be able to import users from
Zendesk into your Okta account, provision new Zendesk accounts from Okta, and push Okta
user profile updates and passwords to Zendesk.
You'll find information about these Okta features in your Okta account and documentation.
- (Optional) People allows you to select who in your Okta account has access to Zendesk. This step is not covered in this article. You'll find information about these Okta features in your Okta account and documentation.
- When you've completed each step, click Next to complete and close the Zendesk configuration in Okta.
Configuring SAML in Zendesk
When your Zendesk for Okta setup is complete and the information you need for setting up SAML in Zendesk is available, sign in to your Zendesk account as an admin and enable SAML single sign-on. You'll need the SAML SSO URL, the Remote logout URL, and the Certificate fingerprint from Okta to complete your set up.
Assign users to SAML single sign-on with Okta
After configuring SAML single sign-on with Okta, assign this SSO option to end users, staff members (agents and administrators), or both. For more information, see Assigning SAML SSO to users.
8 comments
Jiri Kanicky
Are new users created automatically in Zendesk or do I need to add them first in Zendesk that they can authenticate through Okta?
2
Hannah Lucid
Hello Eric Shen, this information is super helpful! I am curious on whether or not there are any issues with this connection where users have created zendesk ticket using their email but have not signed up within zendesk.
0
Patrick Monahan
We created an on and off-boarding process by which you can Approve, Add, and Authenticate a user from a Zendesk ticket to Okta. An agent receives the ticket and can approve or deny the request. The new user is then created in Okta and provision an App, like email or a scim-based cloud app, in seconds.
https://ironcovesolutions.com/blog/zendesk-to-okta-as-an-onboarding-process/
0
Ferhat Surucu
What happens to API Integrations once SAML SSO activate and enforced...!?
0
Noly Maron Unson
Hi Ferhat,
If your organization uses single sign-on (SSO) in your user profile, you can't use your Zendesk email address and password to authenticate Zendesk API requests. Instead, you can authenticate requests using an API token or an OAuth access token.
See Using the API when SSO or two-factor authentication is enabled.
I hope this helps.
0
Marlon Alcantara
We have a web application that uses Okta for authentication. We are trying to display articles in our page by requesting it through the APIs, but articles that have attachments (images) does not display correctly, because it requires a log-in.
Will the Okta SSO be able to solve our requirements?
0
Tony
did you try to see if the images show if the article is visible to everyone? I think that should work when those are visible and not restricted, and I believe it is intended.
You can reach out to our support to further investigate it.
Best,
0
Marlon Alcantara
Hi Tony,
The images are shown when the article is public and for articles that require sign-on, it is displayed when I sign on from another window. So I was wondering since I am using our apps using Okta authentication, would that carry over to the zendesk articles.
0