Announcing split single sign-on (SSO) for team members and end users

Return to top


  • Josef Prandstetter

    Barkha Bhatia:

    This is really a great feature and we thank you very much for the implementation!
    However, in order to be able to use this enhancement comprehensively, we would not only need the distinction between "Team member" and "End user", but also per brand for the End user.


    • End user - Zendesk brand A: Zendesk authentication
    • End user - Zendesk brand B: External authentication SSO X
    • End user - Zendesk brand C: External authentication SSO Y
    • Team member: External authentication SSO Z

    Use case:
    For End user, which we serve via several Zendesk brands, we currently use the Zendesk integrated authentication and cannot change this in the near future.

    Beside End user we serve with one Zendesk brand of our Zendesk instance a Partner Portal.
    We would like to migrate this brand to Azure AD B2C as external authentication as soon as possible so that we can give partners access to the relevant documents located on our Microsoft Sharepoint such as recorded webinars, slidedecks, sales kits, product training, beta software downloads without having to create and maintain their own logins, and to offer seamless integration in terms of good usability.
    Due to the volume as well as primarily the file size, we cannot attach these documents directly to Zendesk Guide articles and Zendesk Gather posts.

    Are there any plans for such an enhancement or should I submit a feature request?

    If you have any questions, please feel free to contact me at any time.

  • David Cheung

    Hey Team, 

    I agree with Josef here. I have customers who are looking to be able to do SSO per brand, or no SSO. I can submit a second use case here on where this would come into play. 

    The customer has 2 brands:

    Brand A: End-user auth via SSO

    - This brand requires customers to log in as they are paid customers who pay for a service with the company. 

    Brand B: No Auth - open to the public

    - The brand is to be used as a sales portal where sales forms and information can be surfaced to customers who have not yet signed up for the service. No login is required as there is no sensitive information on this HC, all public-facing content. 

  • Barkha Bhatia
    Zendesk Product Manager

    Hi Josef Prandstetter Amie Brennan


    First off, thanks a ton for your kind words and the feedback you shared with us. We love your engagement through community and other channels.
    The good news is that the use cases you have described here are on our roadmap. Below is a sneak preview of how we want to progress. 
    - First, we want to allow Zendesk admins to set up Authentication such that a single brand customer's users can log in using any authentication method out of Native Auth ( username/password based), SSO, and Social Sign. Zendesk admin will be able to choose which method they want to allow for the respective users (agents/end users) depending on their architectural and security posture requirements.
    - After that we want to enable the same level of flexibility and granularity for multi SSO - multi-brand - multi authentication customers' use cases.

  • Josef Prandstetter

    Barkha Bhatia

    Thanks for the information - that sounds amazing - can you give a very, very rough timeline for implementation?

  • Kekoa Mooney

    This feature is great. I would love also to like to see options for Help Center/Brand specific SSO configurations. My team has expanded our Zendesk instance to non support teams whose user base expands further than my orgs user base(~6000). Our IT does not support our full global user base (~200K) however this team's requirement is that global end users should be able to submit tickets to their Branded Help Center. Currently we have no way to restrict access to our Help Center so we are forced to manage access individually.

  • Barkha Bhatia
    Zendesk Product Manager

    Hi Kekoa Mooney Thanks a lot for the feedback, I will email you and setup some time with you to go a little deeper into this.  


Please sign in to leave a comment.

Powered by Zendesk