Single sign-on (SSO) options in Zendesk

Return to top

13 Comments

  • Derek Yanoff

    If I deploy Enterprise SSO after some of my end-users already have ZenDesk accounts, will those accounts be deleted or synced when they sign in with the new Enterprise SSO option?

    0
  • Sergei

    Hi Derek,

    It will mostly depend on SSO settings on IdP's side (is provisioning enabled or not, and if enabled - which values are pushed to Zendesk upon log on etc), but in general - no user can be deleted by SSO or any other auth. process. 
    SSO can do one/all of the following: demote/promote users (by passing role attribute in your xml payload) and change their name, organisations and so on.
    Users will be synched at the most. At the least 0 simply allowed to enter your Help Center as is, without any changes to their profile/role/etc

    1
  • Edwin Schukking

    Hi,

    We have a mobile panel and were wondering, whether we can also set up SSO with mobile phone numbers instead of email addresses.

    Thanks!

    0
  • Juraj Jarmek

    Hello Edwin.

    That would unfortunately not be possible since it is not supported within the SSO integration.

    Sorry for that.

    Have a great day and stay safe!

    0
  • Montara Support

    Hi,

    We just purchased Zendesk and want to use Guide as our knowledge center.

    Our product is built as single tenant, means each customer (a business) will have its own instance in our cloud. We would like to connect our Zendesk Guide instance with SSO to all of our tenants (product docs are similar for all). Each business/customer has its own SSO of course.

    Couldn't find a solution for that setup in the articles above. Is there a way to do this?

    many thanks!

    Ronen

    0
  • Bruce Michelsen

    In our Zendesk instance, we’re concerned with whether unsigned-in/anonymous users will still see articles--that don’t require signing in--after enabling Enterprise SSO.

    Our Zendesk instance is “closed”, meaning users can view articles (depending on permissions) in the Help Center anonymously or after signing in. (Only signed-in users can submit tickets.)

    Using Enterprise SSO, users that do not sign in SHOULD still be able to view the articles that are set for anonymous viewing. Right?

    1
  • Giuseppe
    Zendesk Customer Care

    Hi Ronen,

    It looks like you'll want to use custom JWT script and Multibranding as outlined in this article -Multibrand - Using multiple JWT single sign-on URLs.

    Aside from that, you might also want to check Choosing the best authentication option for my account for more information about what kind of authentication you should use based on your account.

    Hi Bruce,

    End-users should still be able to view your Articles as long as the visibility is set to everyone, even without signing in. For more information about visibility settings, see Setting view permissions on articles with user segments

     

    1
  • Kornelia Szabo

    I am wondering if it is possible to set up SSO but with different redirect links for different environments, such as one url for prod and another for dev?

    0
  • Cheeny Aban
    Zendesk Customer Care

    Hi Kornelia,

    As of the moment, there is no native way to do that in Support.

     

    0
  • Montara Support

    Hi,

    I asked that question a few months ago but still have no solution and we are thinking to probably switch to another tool because we have no resolution. Here is the question again:

    We have multiple customers around the world that are authenticated to our app using their internal SSO. 

    We would like to have one Guide instance because there is no change in content between our customers help. So we do not want to use multi brand.

    A user connecting to Guide should be authenticated, no matter if they come from inside our app (went through authentication) or just click a link (or bookmark of Guide page).

    We couldn't find a solution that support that beside multi brand which is a lot of hustle maintaining multiple help centers instead of one master. Also multi brands are limited in number.

    Any help is appreciated.  If you know any customer that implemented such a solution it can be helpful too.

     

    Many thanks,

     

    Ronen 

    2
  • We don't want our customers to have/manage a separate login to submit and view their tickets via Zendesk. Instead, we want to require customers to sign in and authenticate to their account with us. Does Zendesk support this? 

    Currently, we encourage customers to submit a request by going to https://help.acme.com/hc/en-us/requests/new (I anonymized the link). But ideally, we want customers to sign in to Zendesk using their account with us before they can submit their request. That way, we know who they are and which subscription plan they're on.

    Thanks!

    1
  • Daniel Borrego
    Hi Allen, 
     
    It is possible indeed.
     
    This article explains how SAML works and how to set it up to have the authentication for Zendesk happening on your system. 
     
    Enabling SAML single sign-on
     
    Please share this documentation with your IT, so they can follow these steps.
     
    Thanks for your question,
    0
  • Tanawat Oonwattana

    Hi,

    I am not sure what is the authorization flow that Zendesk is using for OAuth SSO?

    Is it Authorization code or implicit or PKCE?

    right now it is throwing below error back to me.

    https://{sub-domain}.zendesk.com/access/jwt?error_description=response_type+is+required.&error=invalid_request#.

    0

Please sign in to leave a comment.

Powered by Zendesk