Does Zendesk Support OpenID Connect?

Planned

39 Comments

  • Official comment
    Max McCal
    Zendesk Product Manager

    Creating a new update for this thread to help keep people up to date. We appreciate everyone's feedback. At this time, OIDC is not currently on our short term roadmap. We still believe supporting it is important, but have chose to focus on improving the configurability of our authentication options for all users before expanding the kinds of options we can support. I'm sure this is frustrating for some, especially those paying attention to this thread. Prioritization is hard, but we're confident that our upcoming releases will add the most value to the most of our customers. When we are able to confirm that we have more concrete and immediate plans, we'll update again.

  • Joe May | Zendesk

    Hi Ryan-

    At one time we supported the OpenID protocol, but that has since been deprecated from what I have seen after some research. We do not currently support OpenID Connect, and using Zendesk to authenticate users in this fashion is not possible at this time.

    I will be moving this over to Product Feedback for other community members as well as our own Product team can continue to engage/upvote.

    1
  • Ryan Vogel

    Thanks for the reply Joseph.

    Not sure if it helps the Product team with use cases, but my ideal scenario would be as follows. The separate web app is a developer portal with API documentation and the like. External users who have access to my Zendesk site should also have access to the developer portal, preferably without another login (e.g. Zendesk as an OpenID provider).

    I will find a different solution, but I look forward to the outcome of this product request.

    1
  • Marc Peyer

    I'd have also a use case here for OpenID connect. I'd like to use Azure B2C as the OpenID connect provider and use Accounts configured in B2C to sign in to Zendesk. This would allow us to provide our customers SSO across several applications amongst one is Zendesk.

    Would be great to have OpenID connect or OAuth 2.0 protocol support in Zendesk for user authentication. (I know OAuth is supported for API calls, but I can't see a way using it for delegating user authentication)

    1
  • Richard Bowman

    As far as I can tell, I literally just signed into this site with OAuth to Google, so are we sure this isn't supported? I'd like to enable our AWS Cognito-based applications to pass user IDs over to Zendesk for support submissions.

    3
  • Denis BOUQUET

    I am in a similar case. We would like to have our users to all be AWS user pool across Zendesk and an other website we manage. Is that possible?

    0
  • Nicole Saunders
    Zendesk Community Manager

    HI Denis - 

    I don't believe anything has changed since Joseph's comment from last May. 

    0
  • Jared Babinec

    Curious, is this still unsupported? 

    0
  • Nicole Saunders
    Zendesk Community Manager

    Hey Jared -

    That's correct, it remains unsupported at this time.

    0
  • Eric Sirianni

    I'm curious why Zendesk continues to support and maintain a homegrown one-off JWT SSO protocol whereas a standard JWT-based protocol like OpenID Connect has not been prioritized?

    3
  • Nicole Saunders
    Zendesk Community Manager

    Hey Eric -

    That's not information we're at liberty to share here.

    0
  • Jake Burgy

    Is ZenDesk any closer to (re-)implementing OpenID Connect?

    It seems rather silly to support "JWT" and call your SSO "JWT SSO" without supporting OpenID Connect, or even just OAuth 2.0 with a JWT payload.

    OpenID Connect isn't as widely adopted, but why not support OAuth 2.0 as a RP with a possible JWT payload?

    Your customers that have IdPs with other solutions want to be able to sign in to ZenDesk with those IdP's, and by having a custom solution instead of an industry standard (RFC) protocol supported, it makes it difficult to make those integrations happen.

    2
  • Callie

    +1 for supporting OIDC. We need this to integrate with the rest of our enterprise auth system.

    1
  • Bryan Flynn

    Hi Jake and Callie. These are good points and add weight to this request. While no commitment has been made, these posts are reviewed by product management. I'll also pass along your latest comments.

    1
  • Caroline Kello
    Zendesk Product Manager

    Hey hey,

    I'm Caroline from the Product team and I currently own our Authentication Service, which includes our different auth methods. Brian is correct that we've not committed it to our roadmap to add OpenID to the list of auth methods but I appreciate the feedback. I'll loop back on this thread if our roadmap changes and let you know. 

    Please continue to add your use cases to the thread! Cheers

    1
  • Niclas Kårlin

    Hello. We're also trying to make an Azure B2C for our customers to login to Zendesk, Aha and Litmos, together with our normal Azure B2B that is our company's domain (maybe it's not called that, I'm not a IT pro).

    Microsoft struggle with how we should do this. Is this what we are missing? Is it developed yet? 

    1
  • Bryan Flynn

    Hello @...,

    Zendesk Support itself is not an identify provider (like Google or Facebook), but there are a number of ways to authenticate into it for API requests. See How can I authenticate API requests?

    There are also a number of ways to integrate with identify providers. See SSO (single sign-on) options in Zendesk

    Since you're talking about logging in across multiple systems, it sounds like it's the SSO functionality that you're looking for (versus using Zendesk as an "identify provider"/iDP solution, which is what this thread is about). Hope this helps!

    0
  • Jake Burgy

    Hey Bryan,

    Maybe that's the confusion here - because that is what this thread is about. You have it backwards.

    People want ZenDesk to act like the RP (Relying Party) in an OpenID scenario where they are bringing their own IdP's such as an Azure AD, Google, or other custom IdP tenant. We aren't asking that Zendesk be an IdP - though I could see scenarios where that may be useful, that should be a separate discussion.

    Take a look at the original request: Can I use Zendesk to authenticate Zendesk users on behalf of another application? (like Google Sign In)

    In that question, Google is the IdP (which holds the user account), and Ryan wants to be able to authenticate (or, more accurately, authorize) into Zendesk using a Google account (via OpenID Connect).

    Zendesk already supports a proprietary mechanism that utilizes JWT tokens - so all you would need to do is enhance that custom implementation to adhere to the OIDC 1.0 standard (which is really just OAuth 2.0 with some extra bits).

    Is there an ETA on Zendesk adding support for the OAuth 2.0 or OpenID Connect protocols as a Relying Party (RP)?

    2
  • Bryan Flynn

    Hi @... -- you're right and apologies for creating confusion here. Thank you, too, for providing those additional details to make clear what's being discussed in this post.

    This issue was surfaced again last year with product management, which is when @... replied. There haven't been any announcements since then for supporting this, so the expectation should be to find or continue with alternatives.

    As you've pointed out before, it is definitely a valid use case and painful not to have for those who are using an OpenID Connect based IdP. I'll go back and highlight to product management the continuing discussion here.

     

    @...,

    "Would the missing feature make this work?"

    It sounds like it might -- but as mentioned, OpenID Connect is not supported. You also mentioned ADFS -- this article may help there: Setting up single sign-on using Active Directory with ADFS and SAML. Also see SSO (single sign-on) options in Zendesk.

    1
  • Sergey Sakhonchyk

    The same problem here. We were trying to make integration between Azure B2C and  Zendesk and basically failed. Standard Azure AD accounts work as expected but not B2C local accounts.

    1
  • Tal Tsror

    When ca we see this gets implemented? 

     

    1
  • Christopher Boerger

    +1 for supporting OIDC. We need this to integrate with the rest of our enterprise auth system.

    2
  • Chris Mobberley

    +1 for this also.

    We will have customer profiles sat in Cognito user pool, B2C should have been easy to do but we will need to implement the custom JWT (remote authentication) route I assume based on these comments.

    Our business / agent users will be in AzureAD, therefore B2B is fine.

    2
  • Jake Edwards

    Looking for a B2C Azure AD support also.

    1
  • Caroline Kello
    Zendesk Product Manager

    Hey folks,

    Thanks for dropping your feedback in here over the last couple of years - it's very much appreciated.

    We agree that this is a standard that we need to adopt and have OpenID Connect on our 9-month roadmap. We'll continue to work with the Community team to keep you updated as development starts and the project progresses.

    Thanks again for adding your voice to the chorus. 

    0
  • Jake Edwards

    Ooh, progress, fabulous!

    This would be a big solve for us.

    1
  • Brian Kneebone

    +1 for OIDC, we have application teams wondering why we chose this platform without basic federated sign-in for business. Looking forward to seeing this implemented so we can move away from the JWT sign-in.

    3
  • Steve Smoot

    Also looking for Cognito support for customer (not agent) logins.

    0
  • Diego Martin

    The last thing I know is that in August 2021 there were plans to include OpenID Connect support in the 9 months roadmap.

    I'm also looking to delegate authentication to our own OpenID Connect provider. Is there any beta version or any place to check the status?

    2

Please sign in to leave a comment.

Powered by Zendesk