Add-on | Zendesk for Contact Center

This guide helps you to set up Zendesk for Contact Center with Zendesk and Amazon Connect. It covers setting up a Connect instance, integrating it with the Zendesk for Contact Center app and with Zendesk itself.

You'll learn about the overall process from creating a Connect instance, linking it with the Contact Center app and Amazon Cognito, and key components and how they relate to each other.

This article contains the following topics:

  • Understanding the key components
  • Step-by-Step Walkthrough
  • Next steps
  • Troubleshooting

Understanding the key components

Before you start, it’s important to know the key building blocks of Contact Center and how they interact:

  • Amazon Connect is a cloud-based contact center service from Amazon Web Services (AWS) that helps you to set up and manage customer support calls and chats. Connect provides the core contact center capabilities that Contact Center builds on. Connect handles phone calls, chat conversations, queues, contact flows, and more. Every customer who uses Contact Center must have their own Connect instance in their AWS account. Contact Center links one-to-one with a specific Connect instance. You cannot link multiple Connect instances to a single Contact Center account.
  • Amazon Cognito is an AWS service for user authentication and authorization. With it, you can manage user sign-up, sign-in, and access control for web or mobile apps. For Contact Center, Cognito provides a user pool where user accounts (agents, supervisors, admins) who will log into Contact Center are stored. Cognito securely handles passwords and login, so that Zendesk users can sign into the Contact Center app. Cognito is used to create and manage agent identities instead of building a custom user management system from scratch. During the integration setup, a Cognito user pool is automatically created (via CloudFormation) to facilitate this identity management.
  • Amazon CloudFormation helps you automate the setup of AWS resources via templates. Rather than manually configuring multiple services and permissions, you can use CloudFormation to deploy all the necessary AWS components for the integration in one go. In simpler terms, CloudFormation acts as an automated installer for linking Connect with the Contact Center app. The CloudFormation stack (a collection of AWS resources defined by a template) we use will create and configure resources such as the Amazon Cognito user pool, IAM roles/permissions, AWS Lambda functions, streaming connections, and other components that allow Connect and the Contact Center app to work together. This saves a lot of time and reduces errors from copying and pasting values manually.
  • Zendesk for Contact Center app: This is a contact-center-as-a-service platform by Zendesk that sits on top of Connect. It provides an intuitive agent desktop and additional features (such as omnichannel inbox, AI-powered tools, and advanced dashboards) to enhance the basic Connect experience. In other words, the Contact Center app is a pre-built contact center app that uses Connect behind the scenes. Agents log into the Contact Center web interface to receive calls or messages, but those communications are actually handled through the customer’s own Connect instance.

    A key point is that Contact Center is deployed in the client’s AWS environment. All Contact Center data (call recordings, customer info, etc.) stays in the customer’s AWS account rather than on Zendesks’ servers. This ensures great security and privacy. To use Contact Center, you link the Connect instance to the Contact Center app and deploy the AWS components (via CloudFormation) that allow the integration. Once set up, Contact Center and Connect operate as a unified contact center solution.

  • Dual-stack upgrade process: As set out in the document, the required infrastructure for Contact Center is deployed to a subscriber AWS environment via CloudFormation. Once deployed, that stack is never updated using the CloudFormation update process. Instead, a new (dual) CloudFormation stack is created and once ready, Contact Center is reconfigured to use the new infrastructure. Once tested and validated, the old stack can be deleted. The main reason for this is to ensure a safe rollback point. While CloudFormation supports rollback capabilities, this can fail based on e.g. the permissions that the person performing the install and/or rollback has. As such, the safest - and only supported - way of upgrading the CloudFormation stack is via this dual-stack process. To perform an update, a new updated template URL must be requested from Zendesk in order to create the new stack.

Now you've covered the basics, you're ready to start the setup process. We will follow the sequence of steps required to get a new Connect instance up and running and integrate it with Contact Center.

Step-by-Step Walkthrough

At a high level, the process to set up Contact Center involves:

  1. Setting up an Amazon Connect instance (the AWS contact center).
  2. Creating a Contact Center account that corresponds to the Connect instance.
  3. Deploying the CloudFormation stack to link Connect with the Contact Center app (and set up Amazon Cognito, SSO and other AWS resources).
  4. Configuring user access – creating a user in Amazon Cognito for Contact Center, and adjusting Connect settings (such as allowed origins) for integration.

Set Up an Amazon Connect Instance

The first step is to create a new Connect instance for your customer (or for a sandbox/testing environment). Connect instances are created in the AWS Management Console. Generally, you will create the Connect instance in the AWS region closest to your customer or as required (note: not all regions support Connect, so you must choose from the supported list).

You have the option of creating the Connect Instance via a CloudFormation template, or manually.

Steps to create a Connect instance from a CloudFormation stack

This section covers the steps to setup a new Connect instance using a CloudFormation template. The Connect instance created by the template will have SAML authentication turned on. If an application is already configured on the SAML IdP and the metadata file is available during the deployment of this template, the template will configure all the IAM resources required to integrate Connect instances with the same IdP.

To create a Connect instance from a CloudFormation stack

  1. (Optional) To turn on single sign-on for Connect instances, configure an application in your IdP with SAML authentication turned on.
  2. Once the application is configured, download the SAML metadata xml file.

    Note: Value for “Relay State” in the application can be left blank. This can be updated after the Connect instance is set up.

To deploy the Connect instance template

  1. Navigate to Cloudformation service in the AWS console and click on Create Stack and enter the below S3 URL:

    https://zendesk-contact-center-us-east-1.s3.amazonaws.com/connect/cfn.yaml

  2. Enter a unique value for InstanceAlias. If the SSO application is already configured, copy-paste the entire contents of the metadata xml file in the “SamlXmlDocument” parameter. This parameter can be left blank, if the SAML application is yet to be configured.
  3. Click Next and complete the stack deployment

To configure a SAML application to Connect instance (Optional)

  • Note the SamlRelayState from the stack outputs and update the relay state in the SAML application configured in your SSO for your Connect instance.

The following resources are provisioned by the template

  • Connect Instance
  • S3 bucket for transcripts
  • KMS key for S3 bucket
  • Kinesis Stream
  • Customer Profiles domain
  • KMS Key for Customer Profiles domain
  • SAML Identity Provider in IAM
  • IAM Role for SAML

Steps to manually create the Connect instance

If you want to create your Connect instance manually, use the information in this section.

To manually create a Connect instance

  1. Navigate to Amazon Connect in AWS Console: Log in to the AWS console and open the Connect service. You’ll see a page listing any existing Connect instances in the selected region (if none exist, it will say none are created yet). Click on “Add an instance” to start the setup wizard.

  2. Set Identity management method: Choose the preferred identity management method. This is generally expected to be SAML 2.0-based authentication for client environments.

  3. Provide Access URL / Instance Name: This name will also become part of the instance’s URL (for example, if you name it “MyDemoConnect”, the instance URL will look like MyDemoConnect.awsapps.com/connect/..). Pick a name that identifies the client or purpose (e.g., ClientName-ConnectEU).
  4. Add Administrator: You will also need to specify whether an administrator user for Connect needs to be created. For simplicity, you can create an admin username (e.g., “admin” or your name) and a password. This will be the login used to access the Connect dashboard initially. (In real deployments, customers often integrate with their Single Sign-On via SAML, but for training and sandbox purposes a manual admin user is fine.)
  5. Telephony and Data Settings: Next, configure how the contact center will handle communications and store data:
    • Telephony Options: You can turn on inbound and/or outbound calling. For most uses, turn on both Inbound and Outbound calling (so the instance can receive and make calls).
    • Data Storage: Connect will create an Amazon S3 bucket in the background to store call recordings, chat transcripts, and other data. In the setup wizard, make sure that the Option: “Enable Customer Profiles” is turned on.

      We strongly recommend that the Profile Creation Policy be set to “Associate Only”.

  6. Also, turn off the “Enable Email” option - it is because we do not use email for the Contact Solution Center.
  7. Uncheck Custom Data Storage (Advanced).
  8. Review and Create: Continue through the wizard, reviewing the settings on the final page. Once everything looks good, click Create Instance. Connect will begin provisioning the instance. It usually takes a couple of minutes for the instance to be ready. During this time, AWS is setting up the service and resources in the background. Note: Avoid closing the browser or navigating away until it’s done, to prevent any interruption (the creation process is fairly quick and robust, but it’s a good practice to wait).
  9. Instance Created: When the creation is complete, the console will show your new instance. If you have set up the environment to not use SSO, you can click the “Access URL” (the instance URL) which opens the Connect login page. Use the admin username and password you set to log in. This will bring you to the Connect dashboard – a web-based interface where you can manage your contact center (configure contact flows, users, etc.). On first login, you might see some default sample contact flows and a basic dashboard screen. At this point, the Connect side is up and running.

    Note: If you set up SSO for login and authentication, you must complete those steps further down the guide before you will be able to log into the Connect environment.
  10. Kinesis Data Streaming: Before proceeding to creating the Contact Center account or the CloudFormation stack, it is important to ensure that Kinesis data streaming (make sure you don't select Kinesis firehose) is turned on in the new Connect instance. To do this, in the AWS Console, navigate to the new Connect instance > Data Streaming > Enable data streaming and be sure to select “Kinesis Stream” and create a new stream if needed. Then select save.

You now have an operational Amazon Connect instance. Remember, this is the foundational piece – every client needs their own Connect instance to use Contact Center.

NOTE: It is the AWS account owners responsibility to ensure that service limit increases are logged with AWS as required, e.g. concurrent call limit, number of numbers that can be claimed, whitelisting outbound countries etc.

Next, we’ll set up the corresponding Contact Center account and link it to the Connect instance.

Create a Contact Center Account (Zendesk Professional Services Only)

With Connect ready, your next step is to create a Contact Center instance.

Before you start, make sure that the following is in place.

  • You must have access to the Contact Center Admin app, with permission to access the relevant instance.

    Access can be requested by contacting you IT department.

As a Zendesk Professional Services user, you’ll use the Contact Center account admin interface to create a new Contact Center account tied to the client's Connect instance. This essentially onboards the client into the Contact Center system, establishing the one-to-one connection between the two products.

Access the Contact Center account admin console: Zendesk provides a special account admin portal (distinct from the agent interface) for setting up and configuring customer accounts. It is accessible by Zendesk Admin users via the URL https://cc-admin.zende.sk Once logged in, ensure you select the appropriate pod in the admin tool (e.g., switch to Pod 31 | eu-west-2 (London) if your Connect instance is in London) so that any resources are created in the correct region.

To add a Zendesk for Contact Center account

  1. In the admin console, navigate to the section where you manage customer accounts. Click on “Create New Account”. A form will appear for entering the new account details.

  2. Fill in Account Details: Enter the required information for the client’s account. The exact fields may include:
    • (Account Details) Account Name: A descriptive name for the customer or project. You might use the company name and environment (e.g., “ClientXYZ Sandbox” or “ClientXYZ Production”). This name may also be used internally or in URLs, so keep it concise and identifiable.
    • (Instance Details) Instance Type: Choose according to the requirements of the project. For instance “Production” for a live account.
    • (Instance Details) Workspace ID: This will be automatically populated with the value entered in the field Account Name, but can be changed before saving the account. This will be used to form the URL to access the app and to link it to the Zendesk workspace.
    • (Plan Details) Licence Details: Here you will define the maximum number of agents planned for the account, the rate per agent, and the expiration date for the account.
    • (Zendesk Identifiers) Zendesk Instance Name: Enter the zendesk subdomain. The account ID will be automatically looked up and appear in the Zendesk Account ID field.
    • (Technical Contact) - Add a main technical contact for use in case Zendesk needs to reach out about the account.
    • (Feature Access) - Turn on/check the Advanced Dashboards feature. This is turned on by default. If turned off, the customer will not be able to utilise the Contact Center Dashboards app.
    • (Product Analytics) - This will remain unticked unless the customer has specified that we cannot send product analytics to third parties.
  3. After reviewing your settings and submitting the form, click Create Account.

    The system will create a new Contact Center account entry. After creation, you will see the new account listed in the admin console’s accounts list. At this stage, the account exists on the Zendesk side, but it’s not yet fully connected to the Connect instance. Essentially, we have informed Zendesk “here’s a customer account and here is which Connect it will use” – the actual linking happens in the next step with CloudFormation step.

  4. Verify Account Settings: You may click into the newly created account in the admin console to review its settings and confirm that the account has been successfully created. note that for the next step (Deploying CloudFormation Stack) you will need to use the button “Create Stack” visible at the bottom of the page for a newly created Account in the Contact Center.

You now have an Amazon Connect instance on AWS, and a Contact Center account in Zendesk.

Deploying the CloudFormation Stack in a new instance

To link Connect and Contact Center, you can use a CloudFormation stack provided by Zendesk. The stack is a pre-defined set of AWS resources and configurations that sets set up everything you need for the integration. This includes linking Connect with other AWS services such as Amazon Cognito for user management, Amazon Kinesis for streaming contact data, AWS Lambda functions for any custom logic, as well as establishing trust between Connect and the Contact Center app.

Before you start, make sure you have the following:
  • You must have access to the Contact Center Admin app, with permission to access the relevant instance.
  • Access can be requested by following this process.
  • Someone with access to the relevant AWS Console will need to perform part of the process - depending on the customer’s ability to share access, this may be a Zendesk employee or someone from the customer.

There are 3 scenarios from which a CloudFormation stack will need to be installed:

  • A new Contact Center instance that has never had a CloudFormation stack installed.
  • An existing Contact Center instance that has had a CloudFormation stack installed via the legacy (non-Admin app) method.
  • An existing Contact Center instance that has had a CloudFormation stack installed via the current (Admin app) method.

The process itself is similar across each of the above scenarios, with the differences being how automated the process is and how much manual review/updates may be required.

In the Contact Center account admin portal, for newly created accounts (created in the process described in the previous section), or accounts that have previously been integrated on a Legacy process, at the bottom of the page you will find a button titled: “Create Stack” for CloudFormation Integration. Here’s how to use it:

  1. Open the CloudFormation Stack Creator: In the newly created account’s settings in the account admin console, look for an option to set up the AWS integration. This will be the “Create a Stack” button. Press it in order to start creating the CloudFormation Stack (a new form will be presented to you):

  2. Enter Stack Parameters: Provide the required details for the CloudFormation template.
    1. (Stack Details) Stack Name: A name for the CloudFormation stack. You can choose something such as: <Account Name from previous section> + “CF” + “07-30-2025”. It is recommended to include a date in the Stack Name to ensure it is easy to understand when the stack was installed.
    2. (Stack Details) Stack Region: This is the region in which you will deploy your CloudFormation stack.
    3. (Instance Details) Amazon Connect Instance ARN: ARN stands for Amazon Resource Name, a unique identifier for AWS resources. You need to supply the ARN of the Connect instance you created. You can find this in the AWS console: go to the Amazon Connect service, and in the instance details page, look for the Instance ARN (it typically looks like arn:aws:connect:region:account-id:instance/xxxxxxxx-xxxx-....). Copy that from AWS and paste it into this field in the admin console. Click here for more information.
    4. (Authentication): For new installations, select the “New Setup” option and for the “Domain Prefix” enter the URL domain of your Connect account. Here, access your Connect account >> Navigate to “Account Overview” section >> from the Access URL which will have the following form: https://YOUR_DOMAIN_PART.my.connect.aws copy the <YOUR_DOMAIN_PART> section and use it to fill in the “Domain Profile” part.
  3. For existing installations, select the “Use an existing user pool and App Client” option and enter the User pool ID and App Client ID that are being used in AWS.
  4. (Features): Here, for the:
    • “Dashboard and Analytics” - make sure that the “Enabled” option is selected.
    • This is turned on by default and will remain turned on unless the customer has specified otherwise. This will turn on data flowing into the Contact Center Dashboards app, which is a separate app available via the Zendesk Marketplace (available for free to all Contact Center) customers.
    • (Resource Tags): These are optional.
  5. Launch the CloudFormation Stack: After filling in the necessary fields, click Launch Stack.
    In an open pop-up window you will have two options/paths to follow:
    1. Automated Launch: After creating the CloudFormation stack, you will be automatically redirected to the AWS CloudFormation Console with the template ready to deploy. This is convenient if you (or someone on your team) have access to the customer’s AWS account with sufficient permissions.
    2. Manual Template Copy: A button “Copy Instructions to Clipboard" can be used if you do not have direct access to the AWS account. This allows you to export the CloudFormation template (usually as a JSON or YAML file or a link). This link or export can then be used by the relevant team with AWS access to implement the CloudFormation stack.

  6. After actioning the CloudFormation stack, either directly from the account admin portal or by using the URL, will open a new browser tab/window taking you to AWS CloudFormation’s Quick Create Stack page with the template already loaded. You’ll see the stack name and parameters filled in as you provided. Scroll down to the bottom of the page and there you will see the section: “Capabilities and Transforms” => In that section check and mark all the acknowledgments and then click “Create Stack” after reviewing all the parameters to confirm they are accurate.

  7. Once initiated, CloudFormation will start creating resources. In the AWS CloudFormation console, you can watch the progress. It will list events such as “CREATE_IN_PROGRESS” for various components. This process can take a few minutes. The stack is doing a lot in the background: setting up IAM roles/policies, Lambda functions, Kinesis data streams, Amazon Cognito user pool and groups, configuring Connect settings, etc. Typically, if everything is set up correctly, this will complete without intervention. The status will change to CREATE_COMPLETE when done.

    While it runs, do not close the stack page.

    Tip: You can refresh your web browser to see updates, but we recommend waiting for the stack to complete. If the stack fails, it will roll back (you’ll see a status such as ROLLBACK_COMPLETE). If you have any problems, see the troubleshooting section below.

  8. When the CloudFormation stack shows CREATE_COMPLETE, the integration is complete. You have essentially “wired up” Connect and Contact Center. The CloudFormation template took care of all the previously manual steps. At this point, the following will be in place:
    • An Amazon Cognito user pool (and associated Identity Pool, if applicable) specifically for this Contact Center instance’s users.
    • An LMAdmin user group in Cognito (created by the stack) that will be used to designate admin users in Contact Center.
    • AWS Lambda functions or other services for features such as transcription, bots, etc., connected between Connect and Contact Center (the exact resources depend on the template’s scope).
    • IAM Roles/Permissions that allow Zendesk’s platform to access the Connect instance (within the limits needed) and vice versa, without exposing unnecessary access.
    • Possibly Connect configuration adjustments via API (for example, attaching Amazon Lex bots or setting up flow modules if the product requires, though many such things are likely optional or done later).
The key idea is that now, the Connect account, the Contact Center account, and the CloudFormation resources are all in place and connected:
  • Amazon Connect instance configured,
  • Contact Center account created, and
  • Integration stack deployed on AWS.

Post-Stack Steps:

Once the stack begins deployment, it will show in the Still deploying state. While in this state, you can click Check Status to check the completeness of the stack deployment. When it is fully deployed, it will appear as Ready to Activate.

After the stack is complete, the Zendesk admin portal will now show that the new Stack for the account is ready to be activated. Generally, once the AWS side is done, the Contact Center platform is ready to go live with that Connect instance.

Once you are ready to link the new stack, click Activate.

However, we’re not done with setup yet – we need to handle user access and a couple of final configuration tweaks. Next, we will set up a user in Amazon Cognito for logging into Contact Center and adjust Connect settings for a seamless login.

Setting up users and access

Now that the integration infrastructure is in place, make sure that users (agents or admins) can sign into Contact Center and that Connect will allow the connection. The following sections detail how to configure Cognito for a variety of SAML providers. The high-level requirement for configuring SSO is summarized and can be used as guidance for configuration of any new SAML providers that have not yet been documented.

Contact Center leverages Amazon Cognito for agent authentication, including Single Sign On (SSO). The benefits of this approach are:

  • No agent data is stored in the Zendesk environment. All agent data is stored in Amazon Cognito in the client's own AWS account
  • Amazon Cognito caters for user pools where users can manually be created, or
  • Amazon Cognito caters for SAML federation, which enables SSO, with most SAML providers
  • A SAML application (and associated xml configuration file) will be required.
    Note: To set up single sign-on (SSO) for Connect, configure the SAML application in the IAM Identity Center, which is often in a separate AWS account and region. However, the identity provider, role, and policy are established in the same AWS account as Connect.
  • The SAML application must have the following specified:
    Attribute Value
    ACS URL https://${yourDomainPrefix}.auth.${region}.amazoncognito.com/saml2/idpresponse
    Application SAML audience urn:amazon:cognito:sp:${yourUserPoolID}
    Application start URL (optional) Contact Center login URL
  • The SAML application must have the following two SAML attributes:
    SAML Attribute Maps to this string value or user attribute Format
    Subject ${user:email} Persistent
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress ${user:email}
  • Configure the identity provider in Cognito with the following attributes:
    User pool attribute SAML Attribute
    email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

The following resources provide additional information about setting up SSO with various services:

  • AWS SSO
  • Azure AD
  • Okta
  • Google Workspaces
  • Cognito Userpools

Manually adding users using Cognito user pools (when not using SAML/SSO)

When the CloudFormation stack ran, it created an Amazon Cognito user pool for this Contact Center instance. The user pool is basically a directory of user accounts who can authenticate to Contact Center. It likely also created an App Client in Cognito (which the Contact Center web app uses to allow users to login), and an LMAdmin group for admin permissions. Our next step is to create at least one user in this user pool so we can test logging into Contact Center.

To manually add a user

  1. Navigate to the Cognito service in the AWS console. Under User pools, click the use pool you want to manage.

  2. Go to App client settings, Login pages tab, and edit the Managed login pages configuration.
  3. Change the Identity Provider to be the Congito user pool directory.
  4. In the Cognito user pool console, find the section for “Users” and choose “Create user” (or “Add user”). You will be prompted to enter details for the new user account:
    • Username: Choose a username (e.g., the person’s email or a simple name). For testing, you could use “testuser” or your own name.
    • Temporary Password: Set an initial password for the user. (Cognito may require the user to reset the password on first login, but for our internal testing we can set a simple one and optionally turn off the reset requirement).
    • Contact Info: Depending on settings, you might need to provide an email and/or phone number for the user (these can be used for password recovery or MFA). Use a valid email if possible so you could receive communications, or dummy data if not needed.
    • Account Status: Ensure “Mark phone/email as verified” is checked if you provided those and don’t want Cognito to expect a verification step. Also, check “Temporary password” so the user must change it on first login (for production users). For quick tests, you might allow them to keep the password – just be mindful of security.
    • Create the user. The new user will now appear in the user list for the pool.

This user now represents an agent (or admin) who can log into the Contact Center web app.

Enabling writeback from Contact Center to Zendesk

To allow Contact Center to send call recordings back to Zendesk after a call, turn on the Voice Post Call Lambda in AWS.

To turn on writeback

  1. Navigate to Lambdas in your Amazon Console.
  2. In the "Functions" section, search for "post". This returns a function with a name containing "VoicePostCa"
  3. Open this function, and on the Function overview page, select Configuration > Triggers from the navigation menus.

    ‍Contact Center Zendesk Voice Post Call Lambda function:

  4. For Kinesis, select its checkbox, then select Edit

  5. In the “Edit trigger” page, select “Activate trigger” and save the change

  6. For EventBridge, select the link in the name (blue highlighted hyperlink)

  7. In the EventBridge rule details page, select the “Enable” button at the top of the page

  8. Repeat the above steps for the following Lambda functions:
    • ContactLensEventsLambda
    • CTRIngestLambda

After all these steps have been completed, your Call transcripts will reflect in Zendesk from a Contact Center voice call.

‍

Note: If a dual stack upgrade - see the “Understanding the Key Components” section - is performed, then these triggers must be turned off on the old lambda and only then turned on on the new Lambda.

Adding a Contact Center admin user

By default, newly created users are regular users. If a user has administrator privileges in Contact Center (meaning they can configure Contact Center settings, view dashboards, etc.), they will need to be added to the LMAdmin user pool group that was created with the CloudFormation stack.

In the Cognito user pool, go to “Groups” and you will see a group named LMAdmin. Click on that group and add your new user to the group (there will be an option to select and add users to the group).

Note that if you use SSO, the users available to add to this group are only created after they have successfully logged into Contact Center at least once. Once added, this user will gain access to the settings and dashboard pages in Contact Center.

Note: Connect provides the core contact center capabilities that Contact Center builds on.

Configuring Amazon Connect approved origins

Connect includes a security setting that controls which web origins (domains) are allowed to embed or access the Connect streams (for example, the softphone/agent interface). Since Contact Center is a separate web app that links to Connect (through the browser, using Connect’s streams API and SAML login behind the scenes), we need to whitelist the Contact Center domain in the Connect instance settings. This ensures that when an agent uses Contact Center, Connect recognizes it and permits the connection.

To configure approved origins

  1. In the AWS console, open the Amazon Connect service and click on your instance’s name to view its details. There will be a section for “Approved origins”. This is where you can add the URLs to be approved.
  2. Enter the origin (domain URL) for the Contact Center web app that agents will use. Typically, Contact Center is accessed via a web app URL – for example, it could be something such as
  3. Add the following URLs:
    • https://${Zendesk Instance Name}
    • https://1162892.apps.zdusercontent.com
    • http://1162894.apps.zdusercontent.com

    Where the variables are as follows:

    • ${Zendesk Instance Name} - Instance name for the zendesk account with the full domain. For example https://demoinstance.zendesk.com
  4. Save the Settings: After adding the allowed origin, save or apply the changes. Connect will now trust requests coming from that domain.

Why this matters: If you skip this step, when a user tries to log into Contact Center, and it tries to silently open the Connect stream or perform actions via the Connect APIs, it may get blocked due to CORS (cross-origin request) restrictions. Whitelisting the domain prevents that issue. It’s a one-time setup for each Connect instance and integrating app.

With the Cognito user in place and the Connect origin set, the integration setup is essentially complete. You can now test the end-to-end functionality.

To test your contact center

  1. Log out of the Contact Center admin console and navigate to the Contact Center agent login page https://${Zendesk Instance Name}/agent. It will present a login – which is backed by the Amazon Cognito user pool you created or SSO login.
  2. Try logging in with SSO or the user credentials you set up in Cognito (username and password).
  3. Upon successful login, you will enter the Contact Center independent interface. This web app will link to Connect in the background (using the allowed origin we set and the integration configuration we deployed). If your Connect instance is brand new, there might not be much to see yet (no contacts coming in, etc., unless you set up a phone number or chat). However, you can verify connectivity by seeing if the Connect softphone/agent status controls load in Contact Center.

    For example, you might see your Connect agent status (Online/Offline) indicator in the Contact Center UI and be able to change status or make a test outbound call if numbers are claimed. This indicates the integration is working.

Installing the Contact Center app in your Zendesk account

You're now ready to install the Contact Center app in your Zendesk account.

To install the Contact Center app

  1. In your Zendesk account, navigate to Admin Center.

  2. Navigate to Zendesk Support Apps.

  3. Open the Marketplace.

  4. Search for Zendesk for Contact Center in the Marketplace.

  5. After the Contact Center app has been installed in your Zendesk account, navigate to Admin Center > Apps and Integrations > Apps > Zendesk Support apps > the newly installed Contact Center app.

  6. Select the app and update the following settings using your existing Contact Center instance URL:
    • Title: It is advised to leave this name as is.
    • Contact Center Workspace: Once you have your Contact Center environment set up, you can retrieve this workspace value from the URL of your standalone Contact Center environment.
    • Zendesk for Contact Center Region: Once you have your Contact Center environment set up, you can retrieve this region value from the URL of your standalone Contact Center environment.
    • Enable role restrictions: With this optional setting you can limit specific roles to have access to the Contact Center app.

      id="image_btf_shm_vgc" width="300"

    • Enable group restrictions: With this optional setting you can limit specific groups to have access to the Contact Center app.
  7. After the fields have been filled, save the changes.

The Contact Center app will now appear in the top right corner of your Zendesk instance.

Configuring the Contact Center app

Now that you've installed the Contact Center app, you can configure its settings.

To configure the Contact Center app

  1. After the Contact Center app has been installed in your Zendesk environment, navigate to your Zendesk Admin Center > Apps and Integrations > API Tokens.

  2. From here, select the “Add API token” button and give the token a recognizable name indicating it will be used to connect the Contact Center app to your Zendesk account.

    After saving the new token, copy the token string and keep it handy for the next steps.

  3. Navigate to the Contact Center App, navigate to the Admin Settings.

  4. Click on the Zendesk Settings page (Indicated by the Zendesk symbol on the left-side navigation bar. From here you will see the helpful “Get started” guide for getting your Contact Center app connected to your Zendesk account.
  5. Expand the Your Zendesk Account panel, then click Edit.

  6. Paste the API key you copied previously, and Zendesk admin email address into the form that pops up.
  7. Click Connect Account.

    You are presented with a page to set up your preferred ticket creation rules for Zendesk, as well as how transcripts and recordings will be handled. If you are unsure of what these settings should be set as at this point, you can leave them and come back to update them at a later time.

  8. Click Complete.

    The Contact Center app and your Zendesk account are now linked.

  9. In your Zendesk environment, perform a hard refresh of your browser.
  10. Select the Phone icon in the top-right corner of the page to open the Contact Center app.

  11. Click Continue
  12. Sign in using the login and authentication process set up for your account.
  13. Perform a test call by setting up a new number in the Connect Dashboard, linking it to a new or preconfigured Contact Flow, and confirm whether the call reaches your agent in Zendesk through the app.

Congratulations – you have now set up a functioning integrated contact center!

Next steps

Now you've completed the installation, here are some useful resources to get you started using Contact Center.

  • Accessing workflows in Contact Center
  • Contact Center general integration settings
  • Mapping and displaying Contact Attributes
  • Manually associating Contact Center calls to tickets
  • Accessing call recording and transcription settings in Contact Center

Troubleshooting

In this section, you'll learn about a few common issues and how to address them.

  • CloudFormation Stack Failure (Rollback): If the CloudFormation stack does not deploy successfully on the first try, it might be because something was not configured correctly. In this case, the stack creation will fail and automatically roll back to the original configuration.

    For example, if the stack initially failed with an error related to “Subscribe CTR (Contact Trace Records) Stream”. This message indicated that a particular resource couldn’t be created. To diagnose, you can open the stack details and look at the event where it failed. In this example, it’s likely a prerequisite was missed: Amazon Connect’s Contact Trace Records streaming was not turned on. The “CTR stream” refers to Connect’s contact data stream (using Amazon Kinesis). The CloudFormation was attempting to set up a connection for streaming contact data, but since no Kinesis stream was defined in Connect, it failed.

    Solution:

    • See section “1. Set Up a Connect Instance” step “7. Kinesis Data Streaming”
    • Takeaway: If the CloudFormation stack fails, carefully read the error message or check the Events tab of the stack in AWS for the failed resource. Common issues could be missing permissions or missing pre-configuration. For instance, ensure:
      • The Connect instance is in a state ready for integration (if it needs any specific setting turned on such as streaming, do that first).
      • The parameters you entered (such as the Connect ARN) are correct.
      • You have the necessary AWS permissions to create all the resources (lack of IAM permissions could cause failure; typically you need admin rights on the AWS account to deploy this stack).
  • Data Streaming or Storage: If your CloudFormation stack creation fails at the ConnectDetails step, this could be due to the Data Streaming or Data Storage configurations not being set up as expected by the stack. These settings will be checked in your Connect instance in the AWS Console.
    • Data Streaming - Ensure that as mentioned in step 1.7 Kinesis Data Streaming that it is set up as the “Kinesis Stream” option and not the “Kinesis Firehose” option.
    • Data Storage - Ensure that the “Call recording”, “Chat transcripts” and “Export reports” S3 buckets are set up and turned on in the Data Storage section in Connect.
  • Allowed Origins / Login Issues: After setup, if users cannot log in or the agent desktop isn’t connecting to Amazon Connect, double-check the Approved Origins in the Connect instance. If the domain was incorrect or not added, the connection will be blocked. Add the correct domain and try again. If users still can’t log in, ensure they exist in Cognito or SSO platform and have the right credentials.
  • Cognito user pool Tips: When testing logins, remember that if a Cognito user is created with a temporary password, the first login must be done in a flow that allows password change. The Contact Center login interface might handle this by prompting a reset. If not, you might need to manually set a permanent password for the user in the Cognito console (you can choose “Set password” for the user and turn off the force-reset option). For long-term, advise clients on setting up an identity provider or managing users according to their IT policies.
  • Rollback Cleanup: If a CloudFormation stack fails and rolls back, it usually cleans up all resources it attempted to make. However, it’s good to verify that partial resources (such as a Cognito user pool or IAM roles) weren’t left behind. Usually CloudFormation removes them, but if you see any orphaned resources, you might remove them manually to avoid confusion before retrying.
Powered by Zendesk