Does Zendesk Support OpenID Connect?

20 Comments

  • Joey

    Hi Ryan-

    At one time we supported the OpenID protocol, but that has since been deprecated from what I have seen after some research. We do not currently support OpenID Connect, and using Zendesk to authenticate users in this fashion is not possible at this time.

    I will be moving this over to Product Feedback for other community members as well as our own Product team can continue to engage/upvote.

    1
  • Ryan Vogel

    Thanks for the reply Joseph.

    Not sure if it helps the Product team with use cases, but my ideal scenario would be as follows. The separate web app is a developer portal with API documentation and the like. External users who have access to my Zendesk site should also have access to the developer portal, preferably without another login (e.g. Zendesk as an OpenID provider).

    I will find a different solution, but I look forward to the outcome of this product request.

    1
  • Marc Peyer

    I'd have also a use case here for OpenID connect. I'd like to use Azure B2C as the OpenID connect provider and use Accounts configured in B2C to sign in to Zendesk. This would allow us to provide our customers SSO across several applications amongst one is Zendesk.

    Would be great to have OpenID connect or OAuth 2.0 protocol support in Zendesk for user authentication. (I know OAuth is supported for API calls, but I can't see a way using it for delegating user authentication)

    1
  • Richard Bowman

    As far as I can tell, I literally just signed into this site with OAuth to Google, so are we sure this isn't supported? I'd like to enable our AWS Cognito-based applications to pass user IDs over to Zendesk for support submissions.

    1
  • Denis BOUQUET

    I am in a similar case. We would like to have our users to all be AWS user pool across Zendesk and an other website we manage. Is that possible?

    0
  • Nicole S. - Community Manager
    Zendesk Community Team

    HI Denis - 

    I don't believe anything has changed since Joseph's comment from last May. 

    0
  • Jared Babinec

    Curious, is this still unsupported? 

    0
  • Nicole S. - Community Manager
    Zendesk Community Team

    Hey Jared -

    That's correct, it remains unsupported at this time.

    0
  • Eric Sirianni

    I'm curious why Zendesk continues to support and maintain a homegrown one-off JWT SSO protocol whereas a standard JWT-based protocol like OpenID Connect has not been prioritized?

    2
  • Nicole S. - Community Manager
    Zendesk Community Team

    Hey Eric -

    That's not information we're at liberty to share here.

    0
  • Jake Burgy

    Is ZenDesk any closer to (re-)implementing OpenID Connect?

    It seems rather silly to support "JWT" and call your SSO "JWT SSO" without supporting OpenID Connect, or even just OAuth 2.0 with a JWT payload.

    OpenID Connect isn't as widely adopted, but why not support OAuth 2.0 as a RP with a possible JWT payload?

    Your customers that have IdPs with other solutions want to be able to sign in to ZenDesk with those IdP's, and by having a custom solution instead of an industry standard (RFC) protocol supported, it makes it difficult to make those integrations happen.

    3
  • Callie H

    +1 for supporting OIDC. We need this to integrate with the rest of our enterprise auth system.

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    Hi Jake and Callie. These are good points and add weight to this request. While no commitment has been made, these posts are reviewed by product management. I'll also pass along your latest comments.

    0
  • Caroline Kello
    Zendesk Product Manager

    Hey hey,

    I'm Caroline from the Product team and I currently own our Authentication Service, which includes our different auth methods. Brian is correct that we've not committed it to our roadmap to add OpenID to the list of auth methods but I appreciate the feedback. I'll loop back on this thread if our roadmap changes and let you know. 

    Please continue to add your use cases to the thread! Cheers

    0
  • Niclas Kårlin

    Hello. We're also trying to make an Azure B2C for our customers to login to Zendesk, Aha and Litmos, together with our normal Azure B2B that is our company's domain (maybe it's not called that, I'm not a IT pro).

    Microsoft struggle with how we should do this. Is this what we are missing? Is it developed yet? 

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    Hello Niclas Kårlin,

    Zendesk Support itself is not an identify provider (like Google or Facebook), but there are a number of ways to authenticate into it for API requests. See How can I authenticate API requests?

    There are also a number of ways to integrate with identify providers. See SSO (single sign-on) options in Zendesk

    Since you're talking about logging in across multiple systems, it sounds like it's the SSO functionality that you're looking for (versus using Zendesk as an "identify provider"/iDP solution, which is what this thread is about). Hope this helps!

    0
  • Jake Burgy

    Hey Bryan,

    Maybe that's the confusion here - because that is what this thread is about. You have it backwards.

    People want ZenDesk to act like the RP (Relying Party) in an OpenID scenario where they are bringing their own IdP's such as an Azure AD, Google, or other custom IdP tenant. We aren't asking that Zendesk be an IdP - though I could see scenarios where that may be useful, that should be a separate discussion.

    Take a look at the original request: Can I use Zendesk to authenticate Zendesk users on behalf of another application? (like Google Sign In)

    In that question, Google is the IdP (which holds the user account), and Ryan wants to be able to authenticate (or, more accurately, authorize) into Zendesk using a Google account (via OpenID Connect).

    Zendesk already supports a proprietary mechanism that utilizes JWT tokens - so all you would need to do is enhance that custom implementation to adhere to the OIDC 1.0 standard (which is really just OAuth 2.0 with some extra bits).

    Is there an ETA on Zendesk adding support for the OAuth 2.0 or OpenID Connect protocols as a Relying Party (RP)?

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    Hi Jake Burgy -- you're right and apologies for creating confusion here. Thank you, too, for providing those additional details to make clear what's being discussed in this post.

    This issue was surfaced again last year with product management, which is when Caroline Kello replied. There haven't been any announcements since then for supporting this, so the expectation should be to find or continue with alternatives.

    As you've pointed out before, it is definitely a valid use case and painful not to have for those who are using an OpenID Connect based IdP. I'll go back and highlight to product management the continuing discussion here.

     

    Niclas Kårlin,

    "Would the missing feature make this work?"

    It sounds like it might -- but as mentioned, OpenID Connect is not supported. You also mentioned ADFS -- this article may help there: Setting up single sign-on using Active Directory with ADFS and SAML. Also see SSO (single sign-on) options in Zendesk.

    0
  • Sergey Sakhonchyk

    The same problem here. We were trying to make integration between Azure B2C and  Zendesk and basically failed. Standard Azure AD accounts work as expected but not B2C local accounts.

    0

Please sign in to leave a comment.

Powered by Zendesk