Single Sign On (SSO) is available across all Sell plans for Zendesk Sell accounts. SSO is only available for legacy Sell accounts on the Elite plan. If your Sell account was created after January 7, 2020, or has been migrated to Zendesk, then it is a Zendesk Sell account. If your account was created before January 7, 2020, and has not yet been migrated, then it is a legacy Sell account.
This article covers the following topics:
Setting up SSO for Zendesk Sell accounts
For Zendesk accounts, all SSO settings are managed through the Zendesk Admin Center.
To set up SSO for a Zendesk Sell account
- If you have multiple Zendesk products, you can access the Admin Center directly from your Product Tray.
Alternatively, in Sell, click the Settings icon (), then select Integrations > Single Sign On.
- Click Configure.
A new window opens for the Zendesk Admin Center.
- Follow the guidance in Enabling SAML SSO to set up SSO.
For more information, see: Managing security settings in Admin Center.
Setting up SSO for legacy Sell accounts
To set up SSO for a legacy Sell account
- In Sell, click the Settings icon (), then select Integrations > Single Sign On.
- Click Configure.
You'll see the Zendesk Sell account UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL information on this page. You'll need to provide this information to your identity provider.
- Select Automatic Setup or Manual Setup.
- If you select Automatic Setup, enter the metadata URL for your identity provider.
Most identity providers offer one URL to transfer this information.
- If your Identity Provider doesn't provide a single URL for configuration, select Manual Setup, then enter the following information:
- Identity Provider Issuer ID, for example, http://yourdomain/adfs/services/trust.
- Identity Provider SSO URL, for example, https://yourdomain/adfs/ls.
- Identity Provider certificate fingerprint. This is the SHA-1 fingerprint of the token signing certificate installed in the ADFS instance.
- Click Save.
You have now configured your SSO settings.
The following table lists the parameter name, parameter value, and any comments about each SSO setting.
|Parameter Name||Parameter Value||Comments|
|Single Sign On URL||Service Provider Assertion Consumer Service URL value from Zendesk Sell settings||
This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.
The same value should be used for Recipient URL and Destination URL if these are defined independently.
|Audience Restriction||Service Provider Issuer ID value from Zendesk Sell settings||This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.|
|Assertion||Signed & Encrypted|
|Single Log Out URL||Leave this empty, as it is not supported.|
|Default RelayState||Leave this empty, as it is not supported.|
Logging in to Zendesk Sell with SSO enabled
With SSO enabled, users continue to log in to Zendesk Sell from their default login page. You must enter the email address registered to Sell, (the email address that is your login email).
Zendesk Sell automatically verifies the email address against your identity provider, and if you're already logged in to your identity provider, you will automatically be logged into Sell.
If you're not already logged into your identity provider, you will be redirected to their login page to enter your login details. As soon as your details are authenticated, you are automatically logged in to Zendesk Sell.
If you're logging in from a Sell mobile app, enter your Zendesk Sell email address to begin the sign-in process on your device. Depending on your device, you will be redirected to your browser, or the app of your identity provider, to complete sign in.
If you're an administrator on your Zendesk Sell account, you can select an option to log in with an email and password on the login page. All non-administrator users need to use SSO to log in.
You need administrator rights to change the email address registered to Sell. Non-admin accounts cannot change the email address used to log in.
Please sign in to leave a comment.