The first step is to create a new Connect instance for your customer (or for a sandbox/testing environment). Connect instances are created in the AWS Management Console. Generally, you will create the Connect instance in the AWS region closest to your customer or as required (note: not all regions support Connect, so you must choose from the supported list).

You have the option of creating the Connect Instance via a CloudFormation template, or manually.

With Connect ready, your next step is to create a Contact Center instance.

Before you start, make sure that the following is in place.

• You must have access to the Contact Center Admin app, with permission to access the relevant instance.

  Access can be requested by contacting you IT department.

As a Zendesk Professional Services user, you’ll use the Contact Center account admin interface to create a new Contact Center account tied to the client's Connect instance. This essentially onboards the client into the Contact Center system, establishing the one-to-one connection between the two products.

Access the Contact Center account admin console: Zendesk provides a special account admin portal (distinct from the agent interface) for setting up and configuring customer accounts. It is accessible by Zendesk Admin users via the URL https://cc-admin.zende.sk Once logged in, ensure you select the appropriate pod in the admin tool (e.g., switch to Pod 31 | eu-west-2 (London) if your Connect instance is in London) so that any resources are created in the correct region.

To add a Zendesk for Contact Center account

1. In the admin console, navigate to the section where you manage customer accounts. Click on “Create New Account”. A form will appear for entering the new account details.

   

2. Fill in Account Details: Enter the required information for the client’s account. The exact fields may include:
   • (Account Details) Account Name: A descriptive name for the customer or project. You might use the company name and environment (e.g., “ClientXYZ Sandbox” or “ClientXYZ Production”). This name may also be used internally or in URLs, so keep it concise and identifiable.
   • (Instance Details) Instance Type: Choose according to the requirements of the project. For instance “Production” for a live account.
   • (Instance Details) Workspace ID: This will be automatically populated with the value entered in the field Account Name, but can be changed before saving the account. This will be used to form the URL to access the app and to link it to the Zendesk workspace.
   • (Plan Details) Licence Details: Here you will define the maximum number of agents planned for the account, the rate per agent, and the expiration date for the account.
   • (Zendesk Identifiers) Zendesk Instance Name: Enter the zendesk subdomain. The account ID will be automatically looked up and appear in the Zendesk Account ID field.
   • (Technical Contact) - Add a main technical contact for use in case Zendesk needs to reach out about the account.
   • (Feature Access) - Turn on/check the Advanced Dashboards feature. This is turned on by default. If turned off, the customer will not be able to utilise the Contact Center Dashboards app.
   • (Product Analytics) - This will remain unticked unless the customer has specified that we cannot send product analytics to third parties.
3. After reviewing your settings and submitting the form, click Create Account.

   The system will create a new Contact Center account entry. After creation, you will see the new account listed in the admin console’s accounts list. At this stage, the account exists on the Zendesk side, but it’s not yet fully connected to the Connect instance. Essentially, we have informed Zendesk “here’s a customer account and here is which Connect it will use” – the actual linking happens in the next step with CloudFormation step.

4. Verify Account Settings: You may click into the newly created account in the admin console to review its settings and confirm that the account has been successfully created. note that for the next step (Deploying CloudFormation Stack) you will need to use the button “Create Stack” visible at the bottom of the page for a newly created Account in the Contact Center.

You now have an Amazon Connect instance on AWS, and a Contact Center account in Zendesk.

To link Connect and Contact Center, you can use a CloudFormation stack provided by Zendesk. The stack is a pre-defined set of AWS resources and configurations that sets set up everything you need for the integration. This includes linking Connect with other AWS services such as Amazon Cognito for user management, Amazon Kinesis for streaming contact data, AWS Lambda functions for any custom logic, as well as establishing trust between Connect and the Contact Center app.

There are 3 scenarios from which a CloudFormation stack will need to be installed:

• A new Contact Center instance that has never had a CloudFormation stack installed.
• An existing Contact Center instance that has had a CloudFormation stack installed via the legacy (non-Admin app) method.
• An existing Contact Center instance that has had a CloudFormation stack installed via the current (Admin app) method.

The process itself is similar across each of the above scenarios, with the differences being how automated the process is and how much manual review/updates may be required.

In the Contact Center account admin portal, for newly created accounts (created in the process described in the previous section), or accounts that have previously been integrated on a Legacy process, at the bottom of the page you will find a button titled: “Create Stack” for CloudFormation Integration. Here’s how to use it:

1. Open the CloudFormation Stack Creator: In the newly created account’s settings in the account admin console, look for an option to set up the AWS integration. This will be the “Create a Stack” button. Press it in order to start creating the CloudFormation Stack (a new form will be presented to you):

   

2. Enter Stack Parameters: Provide the required details for the CloudFormation template.
   1. (Stack Details) Stack Name: A name for the CloudFormation stack. You can choose something such as: <Account Name from previous section> + “CF” + “07-30-2025”. It is recommended to include a date in the Stack Name to ensure it is easy to understand when the stack was installed.
   2. (Stack Details) Stack Region: This is the region in which you will deploy your CloudFormation stack.
   3. (Instance Details) Amazon Connect Instance ARN: ARN stands for Amazon Resource Name, a unique identifier for AWS resources. You need to supply the ARN of the Connect instance you created. You can find this in the AWS console: go to the Amazon Connect service, and in the instance details page, look for the Instance ARN (it typically looks like arn:aws:connect:region:account-id:instance/xxxxxxxx-xxxx-....). Copy that from AWS and paste it into this field in the admin console. Click here for more information.
   4. (Authentication): For new installations, select the “New Setup” option and for the “Domain Prefix” enter the URL domain of your Connect account. Here, access your Connect account >> Navigate to “Account Overview” section >> from the Access URL which will have the following form: https://YOUR_DOMAIN_PART.my.connect.aws copy the <YOUR_DOMAIN_PART> section and use it to fill in the “Domain Profile” part.
3. For existing installations, select the “Use an existing user pool and App Client” option and enter the User pool ID and App Client ID that are being used in AWS.
4. (Features): Here, for the:
   • “Dashboard and Analytics” - make sure that the “Enabled” option is selected.
   • This is turned on by default and will remain turned on unless the customer has specified otherwise. This will turn on data flowing into the Contact Center Dashboards app, which is a separate app available via the Zendesk Marketplace (available for free to all Contact Center) customers.
   • (Resource Tags): These are optional.
5. Launch the CloudFormation Stack: After filling in the necessary fields, click Launch Stack.
   In an open pop-up window you will have two options/paths to follow:

   1. Automated Launch: After creating the CloudFormation stack, you will be automatically redirected to the AWS CloudFormation Console with the template ready to deploy. This is convenient if you (or someone on your team) have access to the customer’s AWS account with sufficient permissions.
   2. Manual Template Copy: A button “Copy Instructions to Clipboard" can be used if you do not have direct access to the AWS account. This allows you to export the CloudFormation template (usually as a JSON or YAML file or a link). This link or export can then be used by the relevant team with AWS access to implement the CloudFormation stack.

   

6. After actioning the CloudFormation stack, either directly from the account admin portal or by using the URL, will open a new browser tab/window taking you to AWS CloudFormation’s Quick Create Stack page with the template already loaded. You’ll see the stack name and parameters filled in as you provided. Scroll down to the bottom of the page and there you will see the section: “Capabilities and Transforms” => In that section check and mark all the acknowledgments and then click “Create Stack” after reviewing all the parameters to confirm they are accurate.

   

7. Once initiated, CloudFormation will start creating resources. In the AWS CloudFormation console, you can watch the progress. It will list events such as “CREATE_IN_PROGRESS” for various components. This process can take a few minutes. The stack is doing a lot in the background: setting up IAM roles/policies, Lambda functions, Kinesis data streams, Amazon Cognito user pool and groups, configuring Connect settings, etc. Typically, if everything is set up correctly, this will complete without intervention. The status will change to CREATE_COMPLETE when done.

   While it runs, do not close the stack page.

   Tip: You can refresh your web browser to see updates, but we recommend waiting for the stack to complete. If the stack fails, it will roll back (you’ll see a status such as ROLLBACK_COMPLETE). If you have any problems, see the troubleshooting section below.

   

8. When the CloudFormation stack shows CREATE_COMPLETE, the integration is complete. You have essentially “wired up” Connect and Contact Center. The CloudFormation template took care of all the previously manual steps. At this point, the following will be in place:
   • An Amazon Cognito user pool (and associated Identity Pool, if applicable) specifically for this Contact Center instance’s users.
   • An LMAdmin user group in Cognito (created by the stack) that will be used to designate admin users in Contact Center.
   • AWS Lambda functions or other services for features such as transcription, bots, etc., connected between Connect and Contact Center (the exact resources depend on the template’s scope).
   • IAM Roles/Permissions that allow Zendesk’s platform to access the Connect instance (within the limits needed) and vice versa, without exposing unnecessary access.
   • Possibly Connect configuration adjustments via API (for example, attaching Amazon Lex bots or setting up flow modules if the product requires, though many such things are likely optional or done later).

Post-Stack Steps:

Once the stack begins deployment, it will show in the Still deploying state. While in this state, you can click Check Status to check the completeness of the stack deployment. When it is fully deployed, it will appear as Ready to Activate.

After the stack is complete, the Zendesk admin portal will now show that the new Stack for the account is ready to be activated. Generally, once the AWS side is done, the Contact Center platform is ready to go live with that Connect instance.

Once you are ready to link the new stack, click Activate.

However, we’re not done with setup yet – we need to handle user access and a couple of final configuration tweaks. Next, we will set up a user in Amazon Cognito for logging into Contact Center and adjust Connect settings for a seamless login.

Now that the integration infrastructure is in place, make sure that users (agents or admins) can sign into Contact Center and that Connect will allow the connection. The following sections detail how to configure Cognito for a variety of SAML providers. The high-level requirement for configuring SSO is summarized and can be used as guidance for configuration of any new SAML providers that have not yet been documented.

Contact Center leverages Amazon Cognito for agent authentication, including Single Sign On (SSO). The benefits of this approach are:

• No agent data is stored in the Zendesk environment. All agent data is stored in Amazon Cognito in the client's own AWS account
• Amazon Cognito caters for user pools where users can manually be created, or
• Amazon Cognito caters for SAML federation, which enables SSO, with most SAML providers
• A SAML application (and associated xml configuration file) will be required.
  Note: To set up single sign-on (SSO) for Connect, configure the SAML application in the IAM Identity Center, which is often in a separate AWS account and region. However, the identity provider, role, and policy are established in the same AWS account as Connect.
• The SAML application must have the following specified:

  Attribute	Value
  ACS URL	https://${yourDomainPrefix}.auth.${region}.amazoncognito.com/saml2/idpresponse
  Application SAML audience	urn:amazon:cognito:sp:${yourUserPoolID}
  Application start URL (optional)	Contact Center login URL

• The SAML application must have the following two SAML attributes:

  SAML Attribute	Maps to this string value or user attribute	Format
  Subject	${user:email}	Persistent
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress	${user:email}

• Configure the identity provider in Cognito with the following attributes:

  User pool attribute	SAML Attribute
  email	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

The following resources provide additional information about setting up SSO with various services:

• AWS SSO
• Azure AD
• Okta
• Google Workspaces
• Cognito Userpools

When the CloudFormation stack ran, it created an Amazon Cognito user pool for this Contact Center instance. The user pool is basically a directory of user accounts who can authenticate to Contact Center. It likely also created an App Client in Cognito (which the Contact Center web app uses to allow users to login), and an LMAdmin group for admin permissions. Our next step is to create at least one user in this user pool so we can test logging into Contact Center.

To manually add a user

1. Navigate to the Cognito service in the AWS console. Under User pools, click the use pool you want to manage.

   

2. Go to App client settings, Login pages tab, and edit the Managed login pages configuration.
3. Change the Identity Provider to be the Congito user pool directory.
4. In the Cognito user pool console, find the section for “Users” and choose “Create user” (or “Add user”). You will be prompted to enter details for the new user account:
   • Username: Choose a username (e.g., the person’s email or a simple name). For testing, you could use “testuser” or your own name.
   • Temporary Password: Set an initial password for the user. (Cognito may require the user to reset the password on first login, but for our internal testing we can set a simple one and optionally turn off the reset requirement).
   • Contact Info: Depending on settings, you might need to provide an email and/or phone number for the user (these can be used for password recovery or MFA). Use a valid email if possible so you could receive communications, or dummy data if not needed.
   • Account Status: Ensure “Mark phone/email as verified” is checked if you provided those and don’t want Cognito to expect a verification step. Also, check “Temporary password” so the user must change it on first login (for production users). For quick tests, you might allow them to keep the password – just be mindful of security.
   • Create the user. The new user will now appear in the user list for the pool.

     

This user now represents an agent (or admin) who can log into the Contact Center web app.

To allow Contact Center to send call recordings back to Zendesk after a call, turn on the Voice Post Call Lambda in AWS.

To turn on writeback

1. Navigate to Lambdas in your Amazon Console.
2. In the "Functions" section, search for "post". This returns a function with a name containing "VoicePostCa"
3. Open this function, and on the Function overview page, select Configuration > Triggers from the navigation menus.

   ‍Contact Center Zendesk Voice Post Call Lambda function:

4. For Kinesis, select its checkbox, then select Edit

   

5. In the “Edit trigger” page, select “Activate trigger” and save the change

   

6. For EventBridge, select the link in the name (blue highlighted hyperlink)

   

7. In the EventBridge rule details page, select the “Enable” button at the top of the page

   

8. Repeat the above steps for the following Lambda functions:
   • ContactLensEventsLambda
   • CTRIngestLambda

After all these steps have been completed, your Call transcripts will reflect in Zendesk from a Contact Center voice call.

‍

Note: If a dual stack upgrade - see the “Understanding the Key Components” section - is performed, then these triggers must be turned off on the old lambda and only then turned on on the new Lambda.

By default, newly created users are regular users. If a user has administrator privileges in Contact Center (meaning they can configure Contact Center settings, view dashboards, etc.), they will need to be added to the LMAdmin user pool group that was created with the CloudFormation stack.

In the Cognito user pool, go to “Groups” and you will see a group named LMAdmin. Click on that group and add your new user to the group (there will be an option to select and add users to the group).

Note that if you use SSO, the users available to add to this group are only created after they have successfully logged into Contact Center at least once. Once added, this user will gain access to the settings and dashboard pages in Contact Center.

Connect includes a security setting that controls which web origins (domains) are allowed to embed or access the Connect streams (for example, the softphone/agent interface). Since Contact Center is a separate web app that links to Connect (through the browser, using Connect’s streams API and SAML login behind the scenes), we need to whitelist the Contact Center domain in the Connect instance settings. This ensures that when an agent uses Contact Center, Connect recognizes it and permits the connection.

To configure approved origins

1. In the AWS console, open the Amazon Connect service and click on your instance’s name to view its details. There will be a section for “Approved origins”. This is where you can add the URLs to be approved.
2. Enter the origin (domain URL) for the Contact Center web app that agents will use. Typically, Contact Center is accessed via a web app URL – for example, it could be something such as
3. Add the following URLs:
   • https://${Zendesk Instance Name}
   • https://1162892.apps.zdusercontent.com
   • http://1162894.apps.zdusercontent.com

   Where the variables are as follows:

   • ${Zendesk Instance Name} - Instance name for the zendesk account with the full domain. For example https://demoinstance.zendesk.com
4. Save the Settings: After adding the allowed origin, save or apply the changes. Connect will now trust requests coming from that domain.

Why this matters: If you skip this step, when a user tries to log into Contact Center, and it tries to silently open the Connect stream or perform actions via the Connect APIs, it may get blocked due to CORS (cross-origin request) restrictions. Whitelisting the domain prevents that issue. It’s a one-time setup for each Connect instance and integrating app.

With the Cognito user in place and the Connect origin set, the integration setup is essentially complete. You can now test the end-to-end functionality.

To test your contact center

1. Log out of the Contact Center admin console and navigate to the Contact Center agent login page https://${Zendesk Instance Name}/agent. It will present a login – which is backed by the Amazon Cognito user pool you created or SSO login.
2. Try logging in with SSO or the user credentials you set up in Cognito (username and password).
3. Upon successful login, you will enter the Contact Center independent interface. This web app will link to Connect in the background (using the allowed origin we set and the integration configuration we deployed). If your Connect instance is brand new, there might not be much to see yet (no contacts coming in, etc., unless you set up a phone number or chat). However, you can verify connectivity by seeing if the Connect softphone/agent status controls load in Contact Center.

   For example, you might see your Connect agent status (Online/Offline) indicator in the Contact Center UI and be able to change status or make a test outbound call if numbers are claimed. This indicates the integration is working.

You're now ready to install the Contact Center app in your Zendesk account.

To install the Contact Center app

1. In your Zendesk account, navigate to Admin Center.

   

2. Navigate to Zendesk Support Apps.

   

3. Open the Marketplace.

   

4. Search for Zendesk for Contact Center in the Marketplace.

   

5. After the Contact Center app has been installed in your Zendesk account, navigate to Admin Center > Apps and Integrations > Apps > Zendesk Support apps > the newly installed Contact Center app.

   

6. Select the app and update the following settings using your existing Contact Center instance URL:
   • Title: It is advised to leave this name as is.
   • Contact Center Workspace: Once you have your Contact Center environment set up, you can retrieve this workspace value from the URL of your standalone Contact Center environment.
   • Zendesk for Contact Center Region: Once you have your Contact Center environment set up, you can retrieve this region value from the URL of your standalone Contact Center environment.
   • Enable role restrictions: With this optional setting you can limit specific roles to have access to the Contact Center app.

     id="image_btf_shm_vgc" width="300"

   • Enable group restrictions: With this optional setting you can limit specific groups to have access to the Contact Center app.
7. After the fields have been filled, save the changes.

The Contact Center app will now appear in the top right corner of your Zendesk instance.

Now that you've installed the Contact Center app, you can configure its settings.

To configure the Contact Center app

1. After the Contact Center app has been installed in your Zendesk environment, navigate to your Zendesk Admin Center > Apps and Integrations > API Tokens.

   

2. From here, select the “Add API token” button and give the token a recognizable name indicating it will be used to connect the Contact Center app to your Zendesk account.

   After saving the new token, copy the token string and keep it handy for the next steps.

   

3. Navigate to the Contact Center App, navigate to the Admin Settings.

   

4. Click on the Zendesk Settings page (Indicated by the Zendesk symbol on the left-side navigation bar. From here you will see the helpful “Get started” guide for getting your Contact Center app connected to your Zendesk account.
5. Expand the Your Zendesk Account panel, then click Edit.

   

6. Paste the API key you copied previously, and Zendesk admin email address into the form that pops up.
7. Click Connect Account.

   You are presented with a page to set up your preferred ticket creation rules for Zendesk, as well as how transcripts and recordings will be handled. If you are unsure of what these settings should be set as at this point, you can leave them and come back to update them at a later time.

   

8. Click Complete.

   The Contact Center app and your Zendesk account are now linked.

9. In your Zendesk environment, perform a hard refresh of your browser.
10. Select the Phone icon in the top-right corner of the page to open the Contact Center app.

    

11. Click Continue
12. Sign in using the login and authentication process set up for your account.
13. Perform a test call by setting up a new number in the Connect Dashboard, linking it to a new or preconfigured Contact Flow, and confirm whether the call reaches your agent in Zendesk through the app.

Congratulations – you have now set up a functioning integrated contact center!