Single Sign On (SSO) is available across all Sell plans for Zendesk Sell accounts. If your Sell account was created after January 7, 2020, or has been migrated to Zendesk, then it is a Zendesk Sell account. If your account was created before January 7, 2020, and has not yet been migrated, then it is a legacy Sell account.
This article covers the following topics:
Setting up SSO for Zendesk Sell accounts
For Zendesk accounts, all SSO settings are managed through the Zendesk Admin Center.
To set up SSO for a Zendesk Sell account
- If you have multiple Zendesk products, you can access the Admin Center directly
from your Product Tray.
Alternatively, in Sell, click Settings (), then select Integrations > Single Sign On.
- Click Configure.
A new window opens for the Zendesk Admin Center.
- Follow the guidance in Enabling SAML single sign-on or Enabling JWT single sign-on to set up SSO.
Setting up SSO for legacy Sell accounts
To set up SSO for a legacy Sell account
- In Sell, click Settings (), then select Integrations > Single Sign On.
- Click Configure.
You'll see the Zendesk Sell account UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL information on this page. You'll need to provide this information to your identity provider.
- Select Automatic Setup or Manual Setup.
- If you select Automatic Setup, enter the metadata URL for your
identity provider.
Most identity providers offer one URL to transfer this information.
- If your Identity Provider doesn't provide a single URL for configuration,
select Manual Setup, then enter the following information:
- Identity Provider Issuer ID, for example, http://yourdomain/adfs/services/trust.
- Identity Provider SSO URL, for example, https://yourdomain/adfs/ls.
- Identity Provider certificate fingerprint. This is the SHA-1 fingerprint of the token signing certificate installed in the ADFS instance.
- Click Save.
You have now configured your SSO settings.
The following table lists the parameter name, parameter value, and any comments about each SSO setting.
Parameter Name Parameter Value Comments Single Sign On URL Service Provider Assertion Consumer Service URL value from Zendesk Sell settings This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.
The same value should be used for Recipient URL and Destination URL if these are defined independently.
Audience Restriction Service Provider Issuer ID value from Zendesk Sell settings This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration. NameID Format EmailAddress Application Username Email Response Signed Assertion Signed & Encrypted Signature Algorithm RSA-SHA1 Digest Algorithm SHA1 Single Log Out URL Leave this empty, as it is not supported. Default RelayState Leave this empty, as it is not supported.
Logging in to Zendesk Sell with SSO enabled
With SSO enabled, users continue to log in to Zendesk Sell from their default login page, but you'll need to enter the email address registered to Sell, that is, your login email.
Zendesk Sell automatically verifies the email address against your identity provider, and if you're already logged in to your identity provider, you'll be automatically logged into Sell.
If you're not already logged into your identity provider, you'll be redirected to their login page to enter your login details. As soon as you're authenticated, you'll be automatically logged into Zendesk Sell.
If you're logging in from a Sell mobile app, enter your Zendesk Sell email address in order to begin the sign in process on your device. Depending on your device, you'll be redirected to your browser or your identity provider's app to complete sign in.
If you're an administrator on your Zendesk Sell account, you'll be able to select an option to log in with an email and password on the login page. All non-administrator users will need to use SSO to log in.
You need administrator rights to change the email address registered to Sell. Non-admin accounts won't be able to change the email address used to log in.