Enabling SAML single sign-on

19 Comments

  • Appsian ERP

    Great post & thank you for sharing, one of the good blogs to read about enabling SAML single sign on

     

    0
  • Aggelos Kanarelis

    Hi

    I am setting up SAML SSO with Azure and when testing I am getting an error that the identifier is wrong. I have configured it according to the guidelines (https://subdomain.zendesk.com) as indicated in table 6 of the page. Any ideas what might be wrong?

    Thanks

    0
  • Hubert C

    Hello Aggelos!

    I understand you've chatted with our colleague regarding this issue and were able to resolve it on your own. If you have any tips on what you did to resolve it, we'd love to know!

    0
  • Aggelos Kanarelis

    I had to remove the https part from the URL. Then a little hack to land in the correct page for sign in. In Azure use the target of the Sign In button as the sign on URL.

    0
  • Hubert C

     Thank you for this information! 

    0
  • Jonathan Brown

    Can we update the end user's alias via the SSO JWT flow?

    It allows for updating any custom field but since the Alias isn't custom it's almost the only thing the documentation is missing.

     

    1
  • James Balata

    I have set up SAML SSO with my IdentityProvider4 and am able to sso in fine. Is there a way to use my system's GUID to identify a Zendesk user, instead of email?

    I see API PUT/POST calls to update/add User Identity type to email, twitter, etc., but nothing regarding a generic ID.

    Possibly external_id, but how can I specify Zendesk to accept this?

    0
  • Sergei
    Zendesk Customer Care

    Hi James,

    Users in Zendesk are identified by email by default, and the email attribute is required when we talk about SSO authentication.

    external_id will accept any values (numbers and characters) and you can pass this attribute in your SAML assertion payload (see the above section, "Obtaining additional user data"), but it cannot be used as the user's primary identity.

    0
  • Viktor Hristovski

    Hello. We are using Okta to sign in to Zendesk. I also wanted to pass on 3 fields from the Okta profile onto the Zendesk profile for users (manager, manager email, department), so I made 3 user fields with those names. When setting up in Okta admin, do I need to map manager to manager, or manager to user_field_manager (as per this passage)?

    user_field_<key> A value for a custom user field in Zendesk Support. See Adding custom fields to users. The <key> is the field key assigned to the custom user field in Zendesk Support. Example: user_field_employee_number where employee_number is the field key in Zendesk. Sending a null value or an empty string in the attribute value will remove any custom field value set in Zendesk Support.
    0
  • Sabra
    Zendesk Customer Care

    Hey Viktor! You'll want to map manager to user_field_manager, assuming that manager is the key associated with the user field.

    0
  • Viktor Hristovski

    Hi Sabra, so we are doing provisioning from Okta and we are running into a problem. Okta is trying to push Role, Custom Role and Ticket Restriction to Zendesk and it's not passing on (we are getting an error). Is there a way to turn this off (is it needed to edit the SAML insertion for this)?

    I wonder is it possible to arrange a video call with Zendesk and Okta support to help us figure this out?

    0
  • Cheeny Aban
    Zendesk Customer Care
    Hi Viktor

    I suggest that you capture a HAR file with timestamp and initiate a conversation with us so we can further check your SSO setup.
    0
  • Andrew

    Hi,  We need to update our SSO SAML config/Cert.  Do you know if saving an update to the config will negatively impact anyone logged in currently? 

    For example would it kick agents out of the system and force them to re-authenticate? 

    0
  • Charles Gresula
    Zendesk Customer Care

    Hi Andrew,

    As documented here, browsers use cookies (files containing user data) placed in your computer’s cache (temporary data storage space) to store website information on your computer, so web pages and components can load quickly. Zendesk uses this ability as well to deliver the best possible performance.

    When you update your SSO SAML config/Cert, your cache and cookies can become outdated, which may cause issues and unwanted behavior when your browser tries to use older versions. To fix this, you just need to clear your cache and cookies.

    0
  • Hi, 

    Does Zendesk support multiple sites from a Single Federation? 

    Thanks, 

    Stefan 

    0
  • Tony Kang

    Hi,

     

    While setting up SAML SSO with Azure, I am getting the error that the Identifier (Entity ID) in Azure doesn't match the Issuer attribute sent from the application (Zendesk).

    Can you please confirm the Issuer attribute Zendesk is sending so I can match it in Azure? The Issuer attribute doesn't appear in the Zendesk console so I cannot find it.

     

    Thanks.

     

    1
  • Dane
    Zendesk Engineering
    @Tony Kang,
     
    It seems that you have already contacted us through Messaging and the value has already been provided. Please check the ticket #10173395 for more information. 
    0
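
Added example, not part of the original thread and not Zendesk's or Microsoft's code: for the Identifier/Issuer mismatch discussed in the comments above, this Python reads the Issuer out of a captured `SAMLRequest` and compares it with the Identifier configured at the IdP. The sample request, the `idp.example.test` URL and every function name are constructed for illustration; the only assumption is that the request was captured from the browser's hand-off to the IdP (HTTP-Redirect or HTTP-POST binding).

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_saml_request(value: str) -> bytes:
    """Return the AuthnRequest XML from a URL-decoded SAMLRequest value."""
    raw = base64.b64decode(value)
    try:
        # HTTP-Redirect binding: raw DEFLATE without a zlib header (wbits=-15).
        xml = zlib.decompress(raw, -15)
    except zlib.error:
        xml = b""
    # HTTP-POST binding is base64 only, so fall back to the undeflated bytes.
    return xml if xml.lstrip().startswith(b"<") else raw

def issuer_of(xml: bytes) -> str:
    """Extract the <saml:Issuer> text that the IdP checks against its Identifier."""
    node = ET.fromstring(xml).find(f"{{{ASSERTION_NS}}}Issuer")
    if node is None or not (node.text or "").strip():
        raise ValueError("AuthnRequest carries no Issuer")
    return node.text.strip()

def issuer_from_redirect_url(url: str) -> str:
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL has no SAMLRequest parameter")
    return issuer_of(decode_saml_request(params["SAMLRequest"][0]))

def diagnose(issuer: str, idp_identifier: str) -> str:
    """Classify how the Issuer relates to the Identifier configured at the IdP."""
    if issuer == idp_identifier:
        return "match"
    bare = lambda s: s.split("://", 1)[-1].rstrip("/").lower()
    if bare(issuer) == bare(idp_identifier):
        return "near-miss: differs only by scheme, trailing slash or case"
    return "mismatch"

def sample_redirect_url(issuer: str) -> str:
    """Constructed sample: a minimal AuthnRequest sent to a made-up IdP URL."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{ASSERTION_NS}" ID="_constructed" Version="2.0">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>').encode()
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()
    return "https://idp.example.test/sso?" + urlencode({"SAMLRequest": packed})
```

To use it on a real sign-in attempt, pass the full redirect URL from the browser's network log to `issuer_from_redirect_url`, then give the result and the Identifier entered at the IdP to `diagnose`.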
  • Claire Valentine

    We have SAML set up with Azure and are getting the error AADSTS650056 - we have the SAML configured as per this guide, but cannot use it to get authenticated?

    0
  • Cheeny Aban
    Zendesk Customer Care
    Hi Claire, 

    Error AADSTS650056 is a misconfigured application, as per this Microsoft documentation. I would suggest that you follow the suggested solution from the said article.
    0
