What's my plan?

Available on all Suite plans Available in all products

Quick Look: Admin Center > Account > Security > Single sign-on

Zendesk provides the ability to create multiple SSO authentication configurations for different collections of users. This could be as simple as one authentication policy for end users and another for team members, or as complex as different authentication policies for specific groups and organizations of users.

See the following articles to learn how to create your SSO configurations, depending on the authentication protocols you're using:
  • Enabling SAML single sign-on
  • Setting up single sign-on with OpenID Connect (OIDC)
  • Enabling JWT single sign-on

After you've created your SSO configurations, you can view and manage them on the Single sign-on page in Admin Center.

This article covers the following topics:
  • Viewing your SSO configurations
  • Editing SSO configurations
  • Activating or deactivating SSO configurations
  • Setting the primary SSO configuration
  • Adding "Continue with SSO" buttons to the Zendesk sign-in page
  • Deleting SSO configurations

Viewing your SSO configurations

Your SSO configurations display on the Single sign-on page in Admin Center in a list sorted from newest to oldest. The list includes the configuration's name, the type of configuration (SAML, OIDC, or JWT), which types of users it's assigned to, and whether it's active or inactive.

To view your SSO configurations
  • In Admin Center, click Account in the sidebar, then select Security > Single sign-on.

Editing SSO configurations

You may need to edit your SSO configurations after you create them. For example, you may need to create a new shared secret for a JWT configuration or update the remote login page URL.

To edit an SSO configuration

  1. In Admin Center, click Account in the sidebar, then select Security > Single sign-on.
  2. Click the option menu icon () and select Edit for the SSO configuration you want to edit.

Activating or deactivating SSO configurations

SSO configurations are active when they are assigned to either team members or end users. To inactivate an SSO configuration, you must unassign it from both team members and end users, if applicable.

To activate or deactivate an SSO configuration

  1. Open the Security settings for team members or end users:
    • In Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    • In Admin Center, click Account in the sidebar, then select Security > End user authentication.
  2. Under External authentication > Single sign-on (SSO), select the configuration you want to activate. To inactivate a configuration, clear the check box.
  3. Click Save.

Setting the primary SSO configuration

Depending on how you require users to sign in, you might need to set an SSO configuration as the primary SSO method for team members or end users. As described in Giving users different ways to sign into Zendesk, you can configure the sign-in experience one of two ways:
  • Let them choose: Display all active authentication options on the sign-in page and allow users to choose how they sign in, or
  • Redirect to SSO: Require users to sign in using the primary SSO method.
You only have to set a primary SSO method if you redirect to SSO and have multiple SSO configurations active. Zendesk tries to determine whether an unauthenticated user is an end user or team member and routes them to the remote login page of the primary SSO.

To set a primary SSO method

  1. Open the Security settings for team members or end users.
    • In Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    • In Admin Center, click Account in the sidebar, then select Security > End user authentication.
  2. For Primary SSO, select the name of the SSO configuration you want to send users to by default.

    The Primary SSO field is visible if you have multiple SSO configurations active and you've selected Redirect to SSO.

  3. Click Save.

Adding "Continue with SSO" buttons to the Zendesk sign-in page

If you let users choose how to sign in, you can show a Continue with SSO button on the Zendesk sign-in page for each active SSO configuration. Customize the button labels so they are meaningful to your users. If you offer multiple SSO sign-in methods, create unique labels so users know which option to choose.

You might not authenticate users this way. For example, if your users only sign in using an identity provider (Idp-initiated SSO), you don't have to add SSO buttons because your users don't use the Zendesk sign-in page.

To add an SSO button to the Zendesk sign-in page

  1. In Admin Center, click Account in the sidebar, then select Security > Single sign-on.
  2. Click the option menu icon () and select Edit for the SSO configuration you want to add to the sign-in page.
  3. Scroll to the bottom of the page and select Show button when users sign in.

  4. In the Button name field, enter the text that should follow "Continue with."

    For example, typing team member SSO creates a button labeled Continue with team member SSO.

  5. Click Save.
  6. If the SSO configuration is inactive, activate it by assigning it to team members or end users.

Deleting SSO configurations

You can delete inactive SSO configurations.

To delete an SSO configuration

  1. In Admin Center, click Account in the sidebar, then select Security > Single sign-on.
  2. If the configuration you want to delete is active, deactivate it first. See Activating or deactivating SSO configurations.
  3. Click the option menu icon () and select Delete for the SSO configuration you want to delete.
Powered by Zendesk