Issue symptoms

Agents in the Support interface see inline images as broken links.

Conditions

An account has the three settings listed below.

  • Help center is host-mapped.
  • Attachments require authentication to download.
  • Agents authenticate through SSO.

Resolution steps

This issue happens because of the way the three settings listed interact. With host mapping, end users see the host-mapped domain in the help center, but agents still use the Zendesk domain in the agent interface. Attachments are accessed through the host-mapped domain, so end users can see them. 

With SSO, it's possible for agents to authenticate directly into the agent interface without going through the help center. SSO authenticates agents into the Zendesk domain, but not the host-mapped domain. When this happens, agents don't have permission to see attachments at first. The attachments are on the host-mapped domain. That's why inline images appear broken in the agent interface.

Agents can fix this issue at any time by opening Guide. To switch from Support to Guide, use the Zendesk Products icon.

SSO admins can fix this issue for all agents by including the host-mapped domain in their SSO. 
Change the agent's return_to URL to be their host-mapped domain with /agent applied to the end.

For example, if mycompany.zendesk.com is host-mapped to support.mycompany.com, the return_to URL would be support.mycompany.com/agent. This will send agents directly to the agent interface with the host-mapped credentials applied.  Additionally, ensure this method is used with agents only. End-users will result in an authentication error.

Note: This recommendation only works if you send users to the brand in which you first opened your account with. If you want to have users directly authenticated into other brands, include a relay_state or return_to_url to have the browser take them there. 
Powered by Zendesk