Fine Tuning: Optimizing security in your Zendesk

10 Comments

  • Manda Choi

    Hi everyone! Part 1 is now posted - come and check it out!

    0
  • Colin Piper

    Manda, thanks for posting. I am going to start with a bugbear of mine and that is that you can only assign the Spam permission to agents if you are willing to give them rights to delete tickets. Currently I give them a SPAM macro which simply puts the tickets in a queue for me. It is quite surprising what some of my agents consider as spam (even emails form the CEO) so perhaps the way I do things is best for now :)

    I haven't implemented IP Restrictions as part of why I chose Zendesk in the first place was for the ability to use it from anywhere. One thing that would help however is if the Audit log also included where and when agents logged in. 

    0
  • Manda Choi

    Thanks for your feedback on both points, Colin.  We're constantly looking for ways to improve our product, so I'll be sure to share your feedback with the appropriate teams here.

    0
  • Manda Choi

    Part 2 is now up...feel free to post comments or questions here!

    0
  • Manda Choi

    Come by to read my final piece on optimizing security in your Zendesk accounts.

    0
  • Ben Rohrs

    @Collin, I understand your frustration but we've restricted the ability to mark as spam for that very reason. Also, the resulting user suspension has serious consequences.

    Your request to add more agent authentication events to the Audit Log is a good one, but I'm wondering if it would be more useful if shown instead on a user's profile? I'm concerned about a high level of noise in the Audit Log for accounts with a large number of users.

    0
  • Colin Piper

    Ben, it was not "frustration", just a bugbear. You can unsuspend a user but you cannot undelete a ticket so when agents delete a ticket for any other reason, I have an issue. At least when they delete a ticket as spam, there is a strong possibility that we did not want that ticket.

    I understand what you mean about the audit log but "noise" does not seem like a good reason to split similar data in to multiple places. Perhaps a filter option would be beneficial for the type of audit entry.

    0
  • Ben Rohrs

    @Colin: a filter option would be a great way to hide/show these type of events

    0
  • Ian Stokes-Rees

    We are using ZenDesk in a setting where some of our clients are working on topics that require sensitivity to the visibility of their support requests and confidence that only a limited set of approved agents can see and work with those tickets.  Does ZenDesk support such constraints?

    Furthermore, these same clients would prefer to use anonymized accounts where their only interaction with the support system is via the web interface: they do not expect to receive emails and will not provide email addresses.

    Is that kind of interaction pattern possible?

    0
  • Dominic Torkovsky

    Hello Ian,

    yes, it is possible to define such access restrictions as you described them. In Zendesk that means defining "custom agent roles". That is feature which is available on Enterprise plans and you find more about this here:

    Through that you can define an agent's access to tickets, the types of comments they can make, and their editing permissions.

    Also customers could create a generic Mailaccount for themselves and use that to login to your Help Center. From there they can access their tickets, see the communication and reply. In this video, starting from 1:04 min, you will see how the user perspective looks like. They see a list of their tickets in "My activities":

    You find all infos about creating your own Help Center here:

    https://support.zendesk.com/hc/en-us/articles/203664346-Getting-started-with-Help-Center#topic_ol5_3fd_43

    I hope that helps,

    0

Please sign in to leave a comment.

Powered by Zendesk