Recent searches


No recent searches

Inline images not displaying for agents in tickets



image avatar

Amy Dee

Zendesk Customer Care

Edited Jan 19, 2024


2

7

7 comments

I'm not seeing any way to add a domain to the SSO settings in Zendesk. What are the steps to implement this fix? 

1


Hi Cj, I'm going to bring this into a ticket so we can look into this further with you. You'll receive an email shortly stating your ticket has been created. :) 

-1


The answer to my question, is that this lives under the "branding" settings, which is wildly un-intuitive. 


0


This SSO fix is not good. We are using a passwordless authentication via SAML for our customers and for our staff. We can't change the host mapping, as that would make our customers to get redirected to an area that they can't access.

0


image avatar

Dane

Zendesk Engineering

Hi Matti,
 
SSO authentication for End users and Team Members have different section in the Admin Center. You can just try to set it up for the Team Member authentication to resolve the issue with inline images.
 
 

0


Disabling "Enable secure downloads" provides a temporary fix, but that exposes our ticket attachments to the potential for bots to index those images. This exposes potentially sensitive client information.

Trying to append "/agent" to our host mapped domain generates additional zendesk errors where the CNAME does not match. Cannot add /agent to our CNAME entry in DNS, only accepts FQDN.

The root cause appears to be recent browser security enhancements around CORS. Haven't tried disabling the CORS and Cross Site browser security settings, but this appears to be why attachments that need to be authenticated from host mapped domains using 3rd party SSO providers no longer works.

1


This resolution appears to fix the issue for Chrome users, but for Firefox you need to add an exception in the Enhanced Tracking Protection functionality for the Zendesk site itself, and the zdusercontent.com site where the attachment is stored.

For Safari, I can't find a way to add a site exception other than turning its protection off entirely.

1


Please sign in to leave a comment.