As described in Understanding options for end-user access and sign-in, Zendesk offers multiple ways to authenticate team members and end users.
Because users may have different security requirements, Zendesk gives you the flexibility to allow multiple authentication methods for each type of user. For example, if you configured SAML SSO for team member sign-in, you can provide another authentication mechanism (such as email and password) if you have a subset of users who can’t sign in through SSO.
Understanding the sign-in options
When multiple authentication methods are active, you can configure the sign-in experience for each user type by selecting Let them choose or Redirect to SSO.
Let them choose allows the user to sign in using any active authentication method.
Redirect to SSO only allows users to authenticate using the primary SSO configuration. Users don’t see additional sign-in options, even if those authentication options are active.
Giving team members multiple ways to sign in
You can configure the sign-in experience so team members can choose how to sign in. For example, if you have two SSO configurations and Zendesk authentication active for team members, they would see a sign-in screen similar to the one below if you select Let them choose.
To give team members multiple ways to sign in
- To provide JSON Web Token (JWT), Secure Assertion Markup Language (SAML), or OpenID Connect (OIDC) SSO as a sign-in option to team members, you must first add the SSO configuration to the Single sign-on page in Admin Center, making sure that Show button when users sign in is selected.
- In Admin Center, click Account in the sidebar, then select Security > Team member authentication.
- To provide email address and password as a sign-in option to team members, select Zendesk authentication, then set the password security level.
- To provide SSO as a sign-in option for team members:
- Select External authentication.
- Select the SSO configurations (that you set up in step 1).
- Select the business account logins you'd like to make available to team members: Google or Microsoft. You can select one or both options.
- For How team members sign in, select Let them choose.
- Click Save.
Giving end users multiple ways to sign in
You can configure the sign-in experience so end users can choose how to sign in. For example, if you activate one SSO configuration, Zendesk authentication, and social sign-ins for end users, they would see a sign-in screen similar to the one below if you select Let them choose.
To give end users multiple ways to sign in
- To provide JSON Web Token (JWT), Secure Assertion Markup Language (SAML), or OpenID Connect (OIDC) SSO as a sign-in option for end users, you must first add the SSO configuration to the Single sign-on page in Admin Center, making sure that Show button when users sign in is selected.
- In Admin Center, click Account in the sidebar, then select Security > End user authentication.
- To provide email address and password as a sign-in option to end users, select Zendesk authentication and set the password security level.
- To provide SSO as a sign-in option for end users:
- Select External authentication.
- Select the SSO configurations (that you set up in step 1).
- Select one or more social logins you'd like to make available to end users: Google, Microsoft, or Facebook.
- For How end users sign in, select Let them choose.
- Click Save.