|Announced on|Rollout starts|Rollout ends|
|---|---|---|
|July 29, 2022|July 27, 2022|Aug 3, 2022|
Zendesk is excited to announce a new SSO feature that lets you set up separate SAML or JWT configurations for team members and end users. This feature provides an out-of-the-box solution for customers who want to authenticate all types of users, including team members and end users, using SSO but want to persist user data on separate Identity Providers (IDPs) based on user type. With this solution, you can create two separate SSO configurations, one for your team members and one for your end users.
Why did we build it?
In the past, Zendesk only allowed one SAML or JWT configuration for both types of users. However, many customers have different IDPs set up for different user roles. As a result, some customers had to make compromises with their SSO setup and give up using SSO authentication for end users because we only supported one SAML setup per Zendesk instance. But now we allow customers to create separate SAML or JWT configurations for each user type. Users' data can reside in their respective IDPs, and any type of user can still sign in to Zendesk using SSO.
How does it work?
You can now create SSO configurations and provide a unique name for each one. Examples: “Okta-SAML-Team_Members” or “Google-JWT-End_Users”. Once you’ve created those configurations, you can go to Security > End Users and select the SSO configuration through which you want your end users to be authenticated. You can do the same for team members. Go to Security > Team members and select the SSO configuration. If you have only one SAML or only one JWT configuration for all types of users, just perform the same steps and select the singular configuration option.
Tell me more
See the following articles for more information:
- Using different SAML and JWT SSO (single sign-on) configurations
- Managing single sign-on (SSO) configurations
- Single sign-on (SSO) options in Zendesk
We decide which IDP to redirect a user to based on the URL through which they access the Zendesk instance. We therefore recommend that team members and end users each use their respective URLs so that they are redirected to their respective IDP for SSO authentication.