Enabling JWT single sign-on

Return to top


  • Nara S.
    Hi Raphael, if you're looking for general information on creating light agents within an account, you can find that information within the Setting Roles and Access in Zendesk article here. Otherwise, if you are looking to pass a light agent role via JWT, note that you can do so by passing the role parameter as agent while also passing the custom_role_id parameter to the id of your light agent role in the Admin Center. Cheers!
  • Naresh Aavula

    Hi Team,

    I working on replacing  https://myoldcompany.zendesk.com/api/v2/ api with  https://mynewcompany.zendesk.com/api/v2/

    the old api works with a specific zendesk login id and password being passed with basic authentication as an encypted format. To work with the new https://mynewcompany.zendesk.com/api/v2/,

    the same old login and password does not work for me, Should I need to change something here?

  • Dane
    Zendesk Engineering
    Hi Naresh,
    I'll create a ticket for you to directly look into this one. Please wait for my update via email and let's continue from there. 
  • Antoine M

    Hello, can you provide documentation on errors? Like the list of possible errors and what they mean. For context, I'm having a lot of errors saying that the unique user identifier has been reused or that the user creation didn't work but I don't really know what to do with this information.


    Thank you,

  • Cheeny Aban
    Zendesk Customer Care
    Hi Antoine M, 

    I created a ticket for you so we can further look into the issue that you have encountered with SSO. I'll wait for your reply 
  • Jonathan Youett

    Hey Zendesk-Team,

    can you confirm that the `return_to` parameter will only work if it is a URL of my zendesk instance?
    I am trying to make a login work that is automatically signing in the user to Zendesk but returns to my non-zendesk application.

    So I am doing something like https://my-zendesk-url/access/jwt?jwt=myToken&return_to=MY_APP_URL

    However, I always end up on the help center and never on the MY_APP_URL.

    If I am correct about my assumption, do you have a roadmap feature that is allowing to pass non-zendesk Urls to the return_to parameter?





  • OllieJC

    I was having issues with new SSO users signing in and being redirected to the sign-out receiving an error message of "Users with the email address ... are not allowed to sign up for this help desk".

    The issue turned out to be the blocklist in the Admin > People > End users section.

    It'll be good to add a note here that the blocklist applies to new user accounts accessing via JWT as this wasn't intuitive (and the blocklist help text only mentions ticket creation).

  • Kristie Sweeney
    Zendesk Documentation Team

    Thank you OllieJC for calling this out. I'll discuss with the product team and add a note to the documentation.

  • Kristin Lisson

    Does the SSO process invoke when a user attempts to sign in (e.g., clicks "Sign in"), or does it invoke upon any visit to one of your pages (e.g., https://yoursubdomain.zendesk.com)?

    The documentation says, "Once you enable SSO, sign-in requests are routed to a sign-in page external to Zendesk Support." I assume the request here means that the user clicks "Sign In."

    However, the documentation also says, "1. An unauthenticated user navigates to your Zendesk Support URL. Example: https://yoursubdomain.zendesk.com/. The Zendesk SSO mechanism recognizes that SSO is enabled and that the user is not authenticated."

    I just wanted to make sure that articles can still be publicly accessible (no sign in required) if we enable enterprise SSO (JWT). Thanks!


Please sign in to leave a comment.

Powered by Zendesk