Zendesk offers the ability to set separate authentication policies for agents vs end users. This helps you secure your Zendesk by allowing you to create a more strict authentication policy for agents while still providing easy access to your customers and end users.

With this functionality, you can...

1. Set different password policies for agents vs end users.
   
   
2. Set different authentication methods for agents vs end users (e.g. Google sign-in for agents, Zendesk sign-in for end users)
   
   
3. Restrict your agents to sign in with only one authentication method that you choose: username + password, Google, or SSO (SAML or JWT).
   
   You will only be able to select a single authentication mechanism for agents.  If you select SSO with IP restrictions, your agents will be allowed to sign in with Zendesk credentials outside of the IP range.
   
   
4. Enable SSO for only agents, or only end users, or both.
   
   You will not be able to select different SSO configurations for end users vs. agents if you select SSO for both.
   
   You can set up both JWT and SAML, designating the primary SSO mechanism for Zendesk redirection

Security settings that pertain to all users, such as IP restrictions and SSL, can be found in the Security () section of Admin Center.

Sign-in page

If SSO is enabled only for end users, they are taken directly to the SSO sign-in page. Agents have to navigate to the /access/normal URL to sign in using their Zendesk account credentials.

If SSO is enabled for agents and not end users, a link called "I am an Agent" is displayed on the sign-in page. Clicking this link takes the agent directly to the SSO sign-in page.