On the End users (customers) configuration page you can select the settings that affect how your users access and use Zendesk. For example, if you want your Zendesk account to be available to anyone, you can select the Anybody can submit tickets setting. This setting, and related end user settings, determine how open or restricted Zendesk is to your end users.
You can configure end user access to your Zendesk account for the following:
- Anybody can submit tickets and no registration or email verification is required. Users must prove that they are human based on CAPTCHA requirements.
- Anybody can submit tickets as long as the endpoint of the ticket is authenticated.
- Anybody can submit tickets but you also require registration and email address verification.
- Anybody can submit tickets but you restrict access to your Zendesk account based on email domains or IP restrictions. In other words, you only accept registration and tickets from approved users.
- Only users you add to your Zendesk account are able to submit tickets and use your Help Center.
There are variations of these configurations as well. For example, you can allow anybody to submit tickets, require registration, and also restrict access using email domains or via IP restrictions. These configurations are also affected by using both social media and enterprise single sign-on (see Single sign-on (SSO) options in Zendesk).
- Selecting who can submit tickets
- Controlling spam tickets
- Requiring that your users register to use Zendesk
- Controlling access to Zendesk Support with the email allowlist and blocklist
- Registration message and verification email notifications
- Sending the email verification message to users you add
- Allowing your end users to edit their profiles and change their passwords
- Validating phone numbers
- Enabling user tagging
To manage end user settings
- In Admin Center, click
People in the sidebar, then select Configuration > End users.
Selecting who can submit tickets
The Anybody can submit tickets setting is one of the most important end user settings because it determines which users can access and use Zendesk. You can allow anybody to use your Zendesk account, close it to all but the users you add, or restrict the use of your Zendesk account to just users from specific email domains or within a range of IP addresses. These configuration options are referred to as open, closed, and restricted and are explained in detail in the following articles:
Controlling spam tickets
There are two ways to control spam tickets. The first is the use of CAPTCHA, which is automatically enabled when you allow anyone to submit tickets. If the spam is coming from the APIs you can also require authentication for all tickets created using the requests API (/api/v2/requests) and uploads API (/api/v2/uploads) endpoints.
Using CAPTCHA
When anybody can submit tickets, CAPTCHA is used to protect your account. That means users who are not signed in may be prompted to complete a verification test before they can submit a ticket.
Allowing anybody to submit tickets might lead to some spam email appearing as tickets in your Zendesk account. Requiring users who are not registered and signed in to confirm they're human before they can submit a ticket goes a long way to prevent spam. Zendesk uses Cloudflare's bot detection and management software to prevent bots and malicious traffic. Most users can simply confirm they're human without having to solve a CAPTCHA. A risk analysis engine predicts whether the user is a human or an abusive agent. If the engine isn't sure, it displays a CAPTCHA that the user must solve before they can submit a ticket.
CAPTCHA is enabled by default, including on the Sign Up page, and can't be disabled. CAPTCHA is not currently available with the Web Widget.
Requiring authentication for the requests API endpoint
You can require authentication for the requests API endpoint (/api/v2/requests) and uploads API endpoint (/api/v2/uploads). Although it's highly effective at preventing spam, requiring authentication makes it harder for end users to open tickets anonymously. Some methods of ticket creation, such as the Zendesk Web Widget Contact form, custom apps, and external web forms, rely on the unauthenticated anonymous ticket creation process to submit tickets. Requiring authentication for the requests and upload endpoints will prevent the creation of anonymous tickets from these sources. The Require authentication for requests and uploads APIs setting is turned off by default and can only be enabled in Admin Center.
Requiring that your users register
The default configuration of the Help Center displays the Sign Up page and allows your users to optionally create a user account. To require users to register and create an account, enable the Ask users to register setting. When creating an account, the user's email address must be verified. Until it is, any support requests they make (via the support request web form, the Web Widget, or email) will be suspended and will not be added to your Zendesk views.
To learn more about the registration process and the advantages of requiring registration, see Options for end-user registration.
Controlling access to Zendesk Support with the email allowlist and blocklist
When anybody can submit tickets, you can use the allowlist and blocklists to restrict access to Zendesk Support. For example, you can accept user registrations and support requests from users who have email addresses in the email domains you add to the allowlist. You can then reject all other users by adding an asterisk (*) to the blocklist. If you're not setting up a restricted Zendesk, leave both the allowlist and blocklist blank.
The allowlist and blocklist are explained in more detail in Permitting only users with approved email addresses to submit tickets (restricted).
You can also control access using IP restrictions. See Restricting access to Zendesk Support and your Help Center using IP restrictions.
Registration message and verification email notifications
The Sign Up page in the Help Center contains a message prompting users to fill out the registration form.
You can customize this message on the End users (customers) settings page by editing the User registration message. You can also add dynamic content to this message. See Providing multiple language support with dynamic content.
When your users register they receive a welcome email message (called the User welcome email) that prompts them to verify their email address and create a password so that they can sign in to your Help Center.
Users receive a similar email message (called the Email verification email) when they add secondary email addresses to their user profiles. Both of these messages can be customized and both support dynamic content.
Sending the email verification message to users you add
You can also send a welcome email when a new user is created by a team member. This is the same email message shown in the previous section. When you add a user yourself you'll probably also want the user to verify their own email address and then create a password so that they can sign in to Zendesk. Of course you may not want to enable this setting since Zendesk offers many many access, registration, and sign-in options, including single sign-on.
See the following topics for a more detailed description of using the Also send a welcome email when a new user is created by an agent or administrator setting:
Allowing your end users to edit their profiles and change their passwords
Users are allowed to view and edit their profile data by default. This allows your users to add information to their user profiles. For example, they can add secondary email addresses, their X (formerly Twitter) account, and so on. You should disable Allow users to view and edit their profile data if you use remote authentication because your user data is handled outside of your Zendesk account.
Users are also allowed to change their password by default. You would normally want your users to be able to change their own passwords, but should deactivate Allow users to change their password if you administer users and passwords in another system and use remote authentication.
Validating phone numbers
With this setting enabled, phone numbers added to user profiles must be in the internationally standardized E.164 format. E.164 numbers can have a maximum of fifteen digits and are usually written as follows: [+][country code][subscriber number including area code]. Numbers that don't conform to this format won't save to user profiles.
Enabling user tagging
Enabling user tagging allows you to add tags to a user's profile. These tags are then added to the user's tickets, which you can then use to control your workflow. For example, you can use a tag to escalate a specific user's tickets.
The user does not see the tags that have been added to their profile.
For more information, see Adding tags to users and organizations.
22 comments
Rick Anderlick
Hello,
Regarding the "Requiring that your users register to use your Zendesk" I'd like to understand what would happen in a particular scenario.
Say a ticket is opened by a registered user but later updated by an unregistered user that is added into the conversation. Since the ticket had already been created does the unregistered user's message still get delivered or is it suspended until they register?
0
Kharlo Reboja
The users response would still be added to the ticket but they will get a welcome email. Their ticket only gets suspended if they email in themselves without having been added by an existing user. Hope this clears things up!
Kharlo | Customer Advocate
0
Pedro Reis
"Anybody can submit tickets" is enabled on our end, but the captcha is not present o the "submit a ticket" form.
Any idea why?
3
Julien Maneyrol
Hi,
I have the same problem as Pedro Reis: "Anybody can submit tickets" is enabled on our end, but the captcha is not present o the "submit a ticket" form.
We are using a custom theme for Guide, but the same happens with Zendesk default theme.
0
Dane
In "Using CAPTCHA" section, it was indicated that the CAPTCHA will only appear if Cloudflare's risk analysis engine is not sure if the one submitting the request is a human or an abusive agent. If Cloudflare has detected a human is submitting the request, the submitter can proceed normally. CAPTCHA is enabled by default and cannot be disabled.
0
Katherine Isaac
Our set up is "Anybody can submit tickets but you also require registration and email address verification". Is there anyway to prevent anonymous chats via Web Widget? Can we enforce the "Update your profile" form?
0
Alina
Hi Katherine,
The only form that can be enabled in the Chat widget is the Pre-chat form, which require visitors to complete a form before starting a chat. With the option <Require identity> enabled, visitors must provide their name or email before starting a chat.
This is explained in more detail here, Enabling the pre-chat form on the Chat widget.
Some elements of the pre-chat form can be customized as mentioned here How do I customize the pre-chat form?
Currently, you can only use Ticket forms with the classic Web widget. For more details, see Using custom ticket fields and ticket forms with the Web Widget (Classic).
When the pre-chat form is not enabled in your Chat settings, anonymous users are free to access your Chat widget.
If you'd like to have a visitor authentication on your Web Widget, you can do so by setting up JWT authentication. You can find the steps here Enabling authenticated visitors in the Chat widget.
Once the users will be successfully authenticated, they will no longer need to type in their name and email address.
0
Louis La
Hello,
Is there a way to get notified (through email) as an Admin/Agent when a new user/customer has created an account?
Thanks!
0
Dane
Natively, this is not possible. However, you can look into the possibility of using the Webhook Event Type: Support User Created to get notified for all newly created users. In addition, you will also need the endpoint of the app that will receive this payload. You can utilize GMAIL API, or Slack API endpoint for you to be notified continously.
0
Vanessa Radman
Hi there,
All of the tickets created for our company are from emails coming from our customers, we're not using any forms or chat at the moment. Is there a way to bulk verify all of my customer emails? Or what is the most efficient way for me to verify their emails to ensure they don't end up in the suspend tab?
Our customers do not share a domain with their account; customers have different domains within a single organization/account, including generic email domains like Google. So I can't verify via domain.
Thank you,
0
Arianne Batiles
Hi Vanessa Radman,
While it's not possible to bulk-verify your users in the agent interface. It's definitely possible through the API. You can find the corresponding endpoints in our Developer resources here: https://developer.zendesk.com/rest_api/docs/support/users#update-many-users
0
Jennifer Gillespie
I have End users that would like to see the following options on the Guide side within My Activities:
Are any of these features available via any of the free templates? Or are these enhancements in the works?
0
Wes Plate
We had "Anybody can submit tickets" enabled, and like others have said there was no CAPTCHA. We started getting spam submissions so we turned on "Ask users to register". Too bad the CAPTCHA thing didn't work to block spam.
0
felix
Very dissapointing solutions to solve a simple issue.
We have been starting to get a lot of spam coming from qq.com e-mail adresses based on a web form. The form has been deleted, required autentication for API, blocked the qq.com domain, code adjusted of the guide, all did not work. Having to spend hours to find solutions in Zendesk articles like to above to eventually find out the only standard offered solution is require users to create an account is low quality and unpreferred.
2
Jeff Choo
We are also getting a lot of spam from qq.com via the contact form. If CAPTCHA was enabled by default, it doesn't seem to be blocking the obvious bot entry. We appreciate any additional help. Thanks
1
cfantini
Can you require a customer to be signed in via SSO for Gather and Guide, but leave Support open to anyone?
Additionally, if everything is locked down (Gather, Guide and Support), can you open a simple channel to Support for users that are locked out of their account?
0
Joyce
Yes, it is possible to only enable SSO for end users and leave your Support using the Zendesk authentication.
In regards to opening a simple channel to Support users who are locked out, when a user encounters a login issue while your account is enabled for SSO authentication, the only way that they can reach out for assistance is by sending an email to your support address.
If your SSO is down, you can still log in to Zendesk by bypassing your SSO authentication. You can visit Accessing your Zendesk account when your SSO service is down for more information.
0
Yvonne P.
We have had the exact same issue as Jeff Choo and felix - has one of you found a way to force CAPTCHA on all new requests submitted via help center forms?
@zendesk - why is this not something we can decide to do? Especially in todays times, where every company tries to automate as much as possible, ticket forms seem an amazing tool for it. We are working out a whole strategy around contact pages etc now - using ZD forms on them - but realizing now, we can not guarantee CAPTCHA to be part of these pages is very upsetting. I can not risk beeing exposed to a ton of spam, creating more work than what we may save in the process of these projects (sure you understand).
I can't believe no other big ZD client has this issue. Please let me know if there is anything we could do, to have CAPTCHA always take place when visitors want to submit a request via our help center forms.
0
Paolo
CAPTCHA is enabled by default. This is hard-coded in the system and no setting can force it to appear on all requests from the Help Center. The CAPTCHA will appear based on how likely that the request is from a bot. To further understand how the CAPTCHA works, kindly check this article CAPTCHA FAQs.
In addition, are the spam tickets really coming from the Help Center forms? These spam tickets can be submitted on different channels and we have preventive measures to avoid spam based on which channel it came from. I highly recommend implementing these measures to prevent spam tickets: Tips to combat spam and protect your business.
Best,
Paolo | Technical Support Engineer | Zendesk
0
Yvonne P.
Paolo Thank You for the prompt response and clarification!
0
Dispatcher Astatine
Hello team!
We want to disable Ticket Fields being visible to users in their Request overview. Right now, if an end-user heads to their /requests/# area, they are shown information from the Ticket Fields agents see in their tickets.
We'd like only to have the conversation (Public Notes) visible to our end-users. Which setting am I missing?
0
Francis Casino
I've gone ahead and created a ticket to look into this further. You can expect to receive an email from us soon.
0