Multibrand - Using multiple JWT single sign-on URLs

Return to top

5 Comments

  • Haseena Bibi

    How access can be restricted to particular brand for a user who is login via SSO (JWT based)? What parameter should JWT token contain to specify brands allowed for user ?

    0
  • Bonnie

    Hi Haseena! It is not possible to restrict end-users to a specific brand via SSO. When you have multiple Help Centers to support multiple brands, all of your Help Centers are accessible to all of your end-users. If you are using SSO, each Help Center will redirect users to the same single sign-in protocol and database. This is because users belong to the account, not to a specific brand.

    To keep end-users from logging into brands that you do not wish them to have access to, you can create a script between Zendesk Support and the SSO login script on your server. This script will allow you to route your customers to specific URLs based on which brand they are trying to log into. You can follow the instructions in this Multibrand - Using multiple JWT single sign-on URLs article.

    You will also want to set things up so that the list of your brands doesn't get sent out to your customers so, theoretically, unless your customers know the domain/subdomain from the brand you do not wish them to log into, they will never know that it's there.

    0
  • Chad Susa

    Hi There

    Just want to clarify if the below is possible when using SSO and mutlibrand.

    SSO is configured (SAML) for end users.

    • Brand 1 (Internal Help Desk, hostmapped) - I want end-users to login via SSO
    • Brand 2 (Customer Facing Retail Brand, hostmapped) - I want end users to login with their Zendesk Credentials
    • Brand 3 (Customer Facing Retail Brand, hostmapped) - I want end users to login with their Zendesk Credentials
    • Brand 4 (Customer Facing Retail Brand, hostmapped) - I want end users to login with their Zendesk Credentials

    For Brands 2, 3 and 4 these Help Centers don't require sign in so customers can access the Help Centers no problems (as anonymous users). But if they want to sign in and see their 'My Activities' etc, currently it goes to the SSO.

    Not sure if this is possible.

    Many thanks
    Chad

    0
  • Darenne
    Zendesk Customer Care

    Hi Chad, 

    Thanks for patiently waiting! Ideally, it is not possible to apply different SSO options to individual brands, unless using a custom script for JWT. Based on the scenario you provided, it appears that this article is the best suite for your workflow as this approach will allow you to create an easy script between Zendesk Support and the SSO login script in your server that will allow you to route your customers to specific URLs based on which brand they are trying to log into.

    I hope this clarifies it! 

    0
  • Chad Susa

    Many thanks Darenne.

    This is clear :)

    Cheers

    Chad

    0

Please sign in to leave a comment.

Powered by Zendesk