English (US)
  1. Zendesk help
  2. Account
  3. Account documentation
  4. Global security and user access

Managing single sign-on (SSO) configurations

Anton de Young
  • Edited

What's my plan?

Fastpath: Admin Center > Account > Security > Single sign-on

Zendesk provides the ability to create separate authentication configurations for different collections of users. This could be as simple one authentication policy for end users and another for team members, or as complex as different authentication policies for specific groups and organizations of users.

This article contains the following sections:
Related articles:

Viewing your SSO configurations

All SSO configurations are listed on the Single sign-on page in Admin Center. The list includes the configuration's name, whether it's a SAML or JWT configuration, which types of users it's assigned to, and whether or not it's active. SSO configurations are listed from newest to oldest and can't be sorted.

Setting an SSO configuration as the primary authentication method

If you have more than one authentication method assigned to your users, you must specify primary SSO methods for end users and team members. Zendesk attempts to anticipate whether an unauthenticated user is an end user or team member and routes them to the appropriate remote login page based on that.

To set a primary SSO configuration

  1. Open the Security settings for team members or end users.
    • In Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    • In Admin Center, click Account in the sidebar, then select Security > End user authentication.
  2. For Primary SSO, select the name of the SSO configuration you want to send end users or team members to by default.
  3. Click Save.

Editing SSO configurations

You may need to edit your SSO configurations after you create them. For example, you may need to create a new shared secret for a JWT configuration or update the URL for your remote login page.

To edit an SSO configuration

  1. In Admin Center, click Account in the sidebar, then select Security > Single sign-on.
  2. Hover over the SSO configuration you want to create a new shared secret for, then click the option menu icon () and select Edit.

Activating SSO configurations

SSO configurations are considered inactive when they aren't assigned to any users. To assign an SSO configuration to your users, open the Security settings for team members or end users and select the SSO configuration(s) you want to use.
  • In Admin Center, click Account in the sidebar, then select Security > Team member authentication.
  • In Admin Center, click Account in the sidebar, then select Security > End user authentication.
Return to top

4 Comments

  • Chris Fassano

    Anton de Young - Are we able to delete SSO configurations? I don't see an option for that in the UI.

    0
  • Dainne Lucena
    Zendesk Customer Care

    Hi Chris Fassano,


    At the moment we don't allow SSO configurations to be deleted. Hopefully, in the future, we can add that combined with logs & restoration features to deal with accidental deletes. 

     

     

    0
  • Peter Boast

    We are currently configured for SSO through MO365 and Zendesk.  We would like to stop using SSO and just have username and password login.  What is the best process to acheive this?

     

    0
  • Gabriel Manlapig
    Zendesk Customer Care

    Hi Peter,
     
    If External Authentication is turned off then Zendesk native authentication will be used when logging into Zendesk (username and password) and turning it on again will set it (SSO) as the default once more.
     
    To edit your user authentication:

    1. In Admin Center, click  Account in the sidebar, then select Security > Team member authentication.
    2. Un-check external authentication. For reference, please screeshot below:
       

    I hope this helps! Thank you!

     

    0

Please sign in to leave a comment.

Powered by Zendesk