You can have up to two active SAML and two active JSON Web Token (JWT) SSO configurations, which can be assigned to different collections of users. Each will have their own remote login pages.
The following Admin Center page shows two primary SAML configurations—one for end users and one for team members.
About redirecting users to remote login pages
Zendesk redirects unauthenticated users when they click the Sign in link in Help Center or navigate directly to the sign-in page in Zendesk.
If you have more than one authentication method configured for your users, you can assign separate primary SSO methods for end users and team members. Zendesk attempts to anticipate whether an unauthenticated user is an end user or team member and routes them to the appropriate remote login page.
For the best customer experience, you should set the primary SSO method for end users to be the one used by the majority of your end users to ensure they get the benefit of the redirect. The users that use the other remote login pages must navigate to them on their own. Make sure to provide them with the correct URL. Another solution is asking your web team to add links on the redirect login page that the other users can use to access their login pages.
Example set up
- JWT-VIP: Assigned to VIP end users
- SAML-EndUsers: Assigned to all other end users
- JWT-TeamMembers: Assigned to all team members
On the Team member authentication page, you've only assigned the JWT-TeamMembers SSO method to team members. Therefore, you don't need to select a primary SSO method for team members to use. All team members will be redirected to the remote login page for this SSO method, which is your corporate employee login page.
Then you set SAML-EndUsers as the primary SSO method on the End user authentication page because that's what the majority of your end users will use. The remote login page for this SSO method is your company's default customer login page. Your VIP end users will also be redirected to this page even though they're configured to use the JWT-VIP SSO method. Since these are your most important customers, you need to ensure they can easily sign in, too. You can provide them with the correct URL for the remote login page they should use or have your web team add a link directing them to the VIP login page.