Multibrand - Using multiple JWT single sign-on URLs

Return to top

15 Comments

  • Haseena Bibi

    How access can be restricted to particular brand for a user who is login via SSO (JWT based)? What parameter should JWT token contain to specify brands allowed for user ?

    0
  • Bonnie
    Zendesk Customer Care

    Hi Haseena! It is not possible to restrict end-users to a specific brand via SSO. When you have multiple Help Centers to support multiple brands, all of your Help Centers are accessible to all of your end-users. If you are using SSO, each Help Center will redirect users to the same single sign-in protocol and database. This is because users belong to the account, not to a specific brand.

    To keep end-users from logging into brands that you do not wish them to have access to, you can create a script between Zendesk Support and the SSO login script on your server. This script will allow you to route your customers to specific URLs based on which brand they are trying to log into. You can follow the instructions in this Multibrand - Using multiple JWT single sign-on URLs article.

    You will also want to set things up so that the list of your brands doesn't get sent out to your customers so, theoretically, unless your customers know the domain/subdomain from the brand you do not wish them to log into, they will never know that it's there.

    0
  • Gravity CX (APAC Reseller)

    Hi There

    Just want to clarify if the below is possible when using SSO and mutlibrand.

    SSO is configured (SAML) for end users.

    • Brand 1 (Internal Help Desk, hostmapped) - I want end-users to login via SSO
    • Brand 2 (Customer Facing Retail Brand, hostmapped) - I want end users to login with their Zendesk Credentials
    • Brand 3 (Customer Facing Retail Brand, hostmapped) - I want end users to login with their Zendesk Credentials
    • Brand 4 (Customer Facing Retail Brand, hostmapped) - I want end users to login with their Zendesk Credentials

    For Brands 2, 3 and 4 these Help Centers don't require sign in so customers can access the Help Centers no problems (as anonymous users). But if they want to sign in and see their 'My Activities' etc, currently it goes to the SSO.

    Not sure if this is possible.

    Many thanks
    Chad

    0
  • Darenne
    Zendesk Customer Care

    Hi Chad, 

    Thanks for patiently waiting! Ideally, it is not possible to apply different SSO options to individual brands, unless using a custom script for JWT. Based on the scenario you provided, it appears that this article is the best suite for your workflow as this approach will allow you to create an easy script between Zendesk Support and the SSO login script in your server that will allow you to route your customers to specific URLs based on which brand they are trying to log into.

    I hope this clarifies it! 

    0
  • Gravity CX (APAC Reseller)

    Many thanks Darenne.

    This is clear :)

    Cheers

    Chad

    0
  • Kaela Chandrasekaran

    Hi Darenne -

    Are you saying that one could write a routing script that would send users to standard Zendesk auth for some brands but to an SSO page for others? I understand sending users to different SSO pages based on brand but with both returning JWT tokens. I wasn't aware you can use Zendesk native auth as an option.  

    0
  • Remi Saumet
    Zendesk Customer Care

    Hello Kaela Chandrasekaran,

    Thank you for your post, hope you are doing well today.

    To answer this : Are you saying that one could write a routing script that would send users to standard Zendesk auth for some brands but to an SSO page for others? 

    Technically speaking, yes, if Zendesk passwords are still enabled, users with a Zendesk username and password can still access the account by browsing to a specific URL, type /access/normal.

    For your Staff :

    For your End-Users : 

     

    For example, you could entirely point your users' login (Staff and/or End-users) for :

    • Brand 1 toward your JWT login script page (see login script code in this article), thus using your JWT SSO method.
    • Brand 2 toward our Zendesk login portal URL, ex : https://yourbranddomain.zendesk.com/access/normal, and therefore, using Zendesk credentials and our "portal"

    Hope this clarifies it, have a great rest of your day.

    Best regards,

    1
  • Sam Girish

    Could somebody provide or direct me to get a custom script for JWT SSO setup ? I am trying to setup SSO for zendesk with AAD from the past one month using SAML and even after doing all the configuration on both ends, zendesk requires authentication and also when you go ahead and type the credentials , I am not able to log in as well since the external authentication is disabled in Zendesk.Any help would be much appreciated

    0
  • Dane
    Zendesk Engineering
    @Sam,
     
    We don't have any custom script readily available for JWT SSO. However, Additional information about JWT is a good way to start.

     

    0
  • John DiGregorio

    We have a company website (not Zendesk) that requires a user to login.  I want to embed this page in our Zendesk customer community and once the end customer is logged into the community they can click the link without logging in.   Any help would be greatly appreciated

    0
  • Andrew Belonger

    Is there a setting to force redirection to the login URL if a non-authenticated user hits a brand's help center URL?  We are using multi-brand SSO but all our brand URLs are allowing non-authenticated access - ideally, if you hit a brand URL, we want it to redirect to the login URL (which will be a script similar to what is laid out above) so we can pass them to the proper site to get authenticated.

    0
  • Dion
    Zendesk Customer Care
    Hey Andrew,

    To force authentication, all you need to do is to turn on the "require sign-in" in your Guide setting. If this is enabled, this will force anyone who will try to access a Help Center page over to the authentication URL setup in the SSO settings for the account (if you have SSO) or it will prompt with a Zendesk sign-in window if you are only using the Zendesk auth.

    Regards,

    Dion
     
    1
  • AAHHOO®

    Great information, thank you

    I have a question, where should I put this code:

    1) customize my theme layout in brand1/script

    2) customize my theme layout in brand2/script

    3) on my own server and where. I am using IONOS or 1and1

    Sorry for the silly question, but I have no programming education.

    Kind regards,

    Jose

    0
  • AAHHOO®

    Mr. Anton de Young

    Excuse me, another question besides where to put that code (brand1 or brand2 themes design at script or in IONO's server (in my case) and where). Both brands must require a login or at least one can have public articles to read without login?

    Regards,

    Jose

    0
  • Brett Bowser
    Zendesk Community Manager
    Hey AAHHOO,
     
    I'd recommend taking a look at our documentation here: Customizing your help center theme
     
    If you don't have any developer experience I would recommend reaching out to your account manager as they may be able to get you in touch with our professional services team.
     
    Let me know if you have any other questions for me in the meantime.
     
    0

Please sign in to leave a comment.

Powered by Zendesk