Enabling SAML single sign-on

Return to top


  • Appsian ERP

    Great post & thank you for sharing, one of the good blogs to read about enabling SAML single sign on


  • Aggelos Kanarelis


    I am setting up SAML SSO with Azure and when testing I am getting an error that identifier is wrong. I have configured according to guidelines (https://subdomain.zendesk.com) as indicated in table 6 of the page. Any ideas what might be wrong.


  • Hubert C

    Hello Aggelos!

    I understand you've chatted with our colleague regarding this issue and was able to resolve it on your own.  If you have any tips on what you did to resolve it, we'd love to know! 

  • Aggelos Kanarelis

    I had to remove the https part from the URL. Then a little hack to land in the correct page for sign in. In Azure use the target of the Sign In button as the sign on URL.

  • Hubert C

     Thank you for this information! 

  • JB

    Can we update the End users alias via the SSO JWT flow? 

    It allows for updating any custom field but since the Alias isn't custom it's almost the only thing the documentation is missing.


  • James Balata

    I have set up SAML SSO with my IdentityProvider4 and am able to sso in fine. Is there a way to use my system's GUID to identity a zendesk user, instead of email?

    I see API PUT/POST calls to update/add User Identity type to email, twitter, etc., but nothing regarding a generic ID.

    Possibly external_id, but how can I specify Zendesk to accept this?

  • Sergei

    Hi James,

    Users in Zendesk are identified with email by default and email attribute is required when we talk about SSO authentication. 

    external_id will accept any values (numbers and characters) and you can pass this attribute in your SAML assertion payload (see above section of "Obtaining additional user data"), but it cannot be used as users primary identity.

  • Viktor Hristovski

    Hello. We are using okta to sign-in into Zendesk. I also wanted to pass on 3 fields from okta profile onto Zendesk profile for users (manager, manager email, department) so i made 3 user fields with those names. When setting up in Okta admin, do i need to map manager to manager, or manager to user_field_manager (as per this passage :

    user_field_<key> A value for a custom user field in Zendesk Support. See Adding custom fields to users. The <key> is the field key assigned to the custom user field in Zendesk Support. Example: user_field_employee_number where employee_number is the field key in Zendesk. Sending a null value or an empty string in the attribute value will remove any custom field value set in Zendesk Support.
  • Sabra
    Zendesk Customer Care

    Hey Victor! You'll want to map manager to user_field_manager assuming that manager is the key associated with the user field. 


Please sign in to leave a comment.

Powered by Zendesk