Question

Can I have customer-facing teams and internal teams with potentially sensitive tickets, such as Human Resources (HR) or Legal, work within the same Zendesk account?

Answer

By default, agents can view all tickets unless you configure otherwise. You can use one Support account for both customer-facing agents and internal agents. Consider privacy risks, especially if customer-facing agents submit tickets to internal teams as requesters. To prevent agents from accessing tickets in certain groups, change their role permissions.

• Restrict agents to groups
• Pros and cons of a single Support account
• Pros and cons of separate Support accounts

Restrict agents to groups

On the Enterprise plans, designate a group as private to ensure that agents outside the group cannot access tickets assigned to it.

Agents who do not have access to a ticket in a private group cannot view it or search for it. You can also prevent the agent requester, as an end user, from seeing private comments or agent-only fields on the ticket.

If your plan does not include private groups, add agents to groups and restrict them to tickets in their groups.

For more information on restricting agents' ticket access to groups, see Creating private ticket groups and granting agents access.

Role and group restrictions have these limits:

• If an agent must access tickets across multiple groups, the agent must belong to all necessary groups. When an agent reassigns a ticket outside those groups, the agent loses access to the ticket.
• If you add an agent as a CC on a ticket, that agent gains access in the Support interface, even if the CC’d agent does not belong to the ticket group.
• If an agent requests a ticket in an HR group, the agent can see all ticket fields and internal comments. This can be a problem when the HR agent must add sensitive details about the requester.

Pros and cons of a single Support account

Pros

Cons

One interface to manage all groups and departments. Single sign-on (SSO) configuration is easier. Some existing business rules, apps, and administrative settings can be reused. Centralized reporting for all ticket activity. Consolidate internal knowledge within one help center. You can enable agents to manage and submit requests from the help center to simulate parts of the end user experience.

If you are on the Professional, Growth, or Team plan, all agents can see internal comments and agent-only ticket fields. If an agent submits a ticket to HR, the agent can see all fields and internal comments on their own ticket. If you add a restricted agent as a CC or follower on a ticket, that agent gains access to that ticket regardless of group membership. All admins have access to all data within the HR account. Maintenance of groups and custom role restrictions can become unwieldy. Custom roles cannot be nested. To let non-HR agents see all tickets except HR tickets, your setup may require multiple groups. The first reply time SLA does not apply to tickets that non-HR agents create.

Pros and cons of separate Support accounts

Pros

Cons

Non-HR agents do not have access to agent-only ticket fields and internal comments in the HR account. Sensitive data stays private when the HR agent uses an internal note. HR and non-HR workflows remain completely separate. You have more flexibility for custom role permissions in both accounts, rather than requiring the All within their groups ticket access permission.

This option requires two accounts. Single sign-on (SSO) maintenance can be more complex because your SSO platform must connect to multiple instances. In account A, a user might be an agent, but in account B the same user might be an end user. Some integrations may not function in multiple accounts. For example, a Jira integration cannot integrate with two separate accounts. End users must use separate help centers to manage their requests and view content. Some training may be required to help users differentiate between the two help centers if they use both accounts.