Enabling SAML single sign-on



Charles Nadeau

Zendesk Documentation Team

Edited Nov 15, 2024


49 comments

Hello All,

I am currently using SAML and I just updated the Certificate fingerprint on Zendesk SSO, because the certificate will expire in 2 weeks. I tried saving the setting but I kept getting an error under SAML SSO URL: "Enter a URL that's unique to this SSO configuration". I never changed that part of the setting because it has been the same and has been working fine since I did the setup in 2019. Any help would be appreciated. I am using Azure AD for SSO.

0


Barkha Bhatia

Zendesk Product Manager

Hi Daniel Coker

Please reach out to customer support at Zendesk, someone should be able to help you.

0


I need help

0


Looking at Microsoft's documentation "Single sign-on SAML protocol", the Subject element is not supported and this information should be provided by using a login_hint url parameter. How is the email address provided in the case of Azure AD?

0


Just to update that we got this sorted - it was an issue with our Azure AD configuration. All works as expected now.

0


Our SAML certificate rotates every three months. Is there an automated way we can update the fingerprint that Zendesk is expecting? Our certificates are available at a well-known/discovery endpoint from our IdentityProvider.

0


For anyone running into issues with Azure AD integration in 2023, the Zendesk app from the Azure gallery asks for the Entity ID in the https://*.zendesk.com format. However, the SAML Issuer field from Zendesk comes in the <subdomain>.zendesk.com format (and these are supposed to match). We also had to change the AppID field in the corresponding App Registration.

1


Claire Valentine Hi, did you manage to solve issue AADSTS650056? If so, can you share how, please?

0


Joyce

Zendesk Customer Care

Hello LB,
 
This Microsoft article gives some general information about the error: Error AADSTS650056 - Misconfigured application
 
In most cases, this error can be resolved by removing `https://` from the "Identifier (Entity ID)" value in Azure. 
 
Hope this helps!
 

0


Is there a problem with SAML recently? It used to work but suddenly it doesn't work anymore.

 

0


Recently we implemented SSO through SAML and we seem to have the issue regarding AADSTS650056. 

Tried the solution of Taylor to remove the https:// and that solved the issue!

0


Carsten van Willigen I had the same issue, and it was solved when we discovered there was a typo.

In our case, it was the "/" at the end of the URL:

E.g.:
Correct: https://yoursubdomain.zendesk.com
Wrong: https://yoursubdomain.zendesk.com/

0


How to add a parameter to add a user to a certain user segment? In theory it could be done via tags but I only see a tag solution that would delete all existing tags in the user account. That of course can't be done.

0


"After enabling SAML single sign-on in Zendesk, changes made to users outside Zendesk sync to your Zendesk account. For example, if a user is added to your internal Active Directory or LDAP system, the user is automatically added to your Zendesk account."

This isn't true, is it? How would users be auto-provisioned if JIT provisioning isn't even enabled/supported?

Charles Nadeau

0


Kristie Sweeney

Zendesk Documentation Team

Hi Joe Sutcliffe,

Thank you for calling this out - the wording needed to be clarified here. We changed it to:

"After enabling SAML single sign-on in Zendesk, changes made to users outside Zendesk are reflected in your Zendesk account. For example, if a user is added to your internal Active Directory or LDAP system, and the user tries to sign in to Zendesk, the user is automatically added to your Zendesk account. When changes are made to the user's data in your internal system (such as name or email address), any attributes shared in the payload of the SAML are updated in Zendesk." 

I hope this helps! Don't hesitate to contact Zendesk Customer Support if you need anything.

0


Hi All!

To confirm, can we enable SSO in Zendesk sandbox? I've received conflicting information and would like to confirm. 

Cheers,

0


Paolo

Zendesk Engineering

Hi Afton,
 
Enabling the SSO in a Sandbox account is possible.
 
Best,
Paolo | Technical Support Engineer | Zendesk

0


Hello,

Is there anybody on this thread who has faced or is facing the AADSTS650056 error from EntraID? We have followed this setup guide here and also the setup guide from EntraID for Zendesk (https://learn.microsoft.com/en-us/entra/identity/saas-apps/zendesk-tutorial).

Strange thing is that when we try to log in to the agent center, the SAML AuthNRequest from Zendesk to EntraID contains an issuerId value of urn:sitename

This appears to be very strange, as the comments here and also the Microsoft documentation talk about an issuerID / EntityID value of sitename.zendesk.com

The result seems to be that EntraID cannot match a configured SAML application to the AuthNRequest it is receiving from Zendesk and then returns AADSTS650056.

What I also don't understand is that when we start the login flow on https://sitename.zendesk.com/agent/home/tickets, the AuthNRequest sent from Zendesk to EntraID contains a return_to (Reply Url) value of https://customhost.sitename.com/agent/home/tickets.

Is there anybody here who has some experience with this? Any idea is highly appreciated.

Thanks

René

0
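
The Entity ID mismatches described in the comments above (the `https://` prefix, the trailing `/`, the `urn:sitename` issuer) can be confirmed by decoding the AuthnRequest captured from the browser's sign-in redirect and comparing its Issuer with the identifier configured at the IdP. This is an added example, not part of any comment and not Zendesk or Microsoft code; the sample request is constructed, the function names are hypothetical, and exact string matching at the IdP is an assumption drawn from the comments.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample; the Issuer uses the placeholder host from the thread.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    "<saml:Issuer>yoursubdomain.zendesk.com</saml:Issuer></samlp:AuthnRequest>"
)

def encode_saml_request(xml: str) -> str:
    """Encode XML as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def issuer_from_saml_request(value: str) -> str:
    """Return the Issuer of a captured, URL-decoded SAMLRequest value."""
    raw = base64.b64decode(value)
    try:
        xml = zlib.decompress(raw, -15)  # HTTP-Redirect binding
    except zlib.error:
        xml = raw  # HTTP-POST binding: base64 only, no compression
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message; refusing to parse")
    issuer = ET.fromstring(xml).find("saml:Issuer", SAML_NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer")
    return issuer.text.strip()

def diagnose(issuer: str, entity_id: str) -> list[str]:
    """List why an exact string match fails; an empty list means it matches."""
    if issuer == entity_id:
        return []
    schemes = ("https://", "http://")
    def bare(v: str) -> str:
        return v.lower().removeprefix("https://").removeprefix("http://").rstrip("/")
    findings = []
    if issuer.lower().startswith(schemes) != entity_id.lower().startswith(schemes):
        findings.append("scheme prefix differs")
    if issuer.endswith("/") != entity_id.endswith("/"):
        findings.append("trailing slash differs")
    if bare(issuer) != bare(entity_id):
        findings.append("different identifier")
    return findings or ["letter case differs"]
```

Pass `issuer_from_saml_request` the `SAMLRequest` query parameter after URL-decoding it, then call `diagnose` with the "Identifier (Entity ID)" value copied from the IdP application.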


Is it not possible to bring the profile photos across from the IdP for the agents? All our staff have photos on their profiles in Entra already

1

