End-users signing in using our company login credentials

Answered

6 Comments

  • Erica Girges
    Zendesk Developer Advocacy

    Hi Allen,

    Thanks for reaching out! You can require customers to login before gaining access to your help center. This would ensure that you have verified the customer and their info prior to any requests they submit. We have a walkthrough of how to do that here.

    As of now, we don't have a distinct option to only restrict access to request forms. My suggestion would be to utilize this article. It's not doing exactly what you're looking for, however, it could be implemented to look for specific customer information (that would only be available if they were signed in) prior to providing access to your request forms.

    Hope this helps!

    Erica - Dev Support

    0
  • Allen Lai | Head of CX at Otter.ai

    Hi Erica Girges,

    Thanks for the tip, but there has to be a more elegant way. Perhaps I'm not explaining it right and will try again.

    • Currently, we allow anyone to submit tickets. Eventually, we want to restrict this to actual customers.
    • Using Zendesk's APIs, we are creating end-users in Zendesk in the background. E.g. when a new user signs up with my company, we will trigger a Zendesk endpoint to check if that user's email exists in our Zendesk instance. If so, we'll make sure they have the correct subscription plan associated with them (e.g. "Pro plan"). If not, we'll seamlessly create the Zendesk end-user in the background. We'll do something similar if a user upgrades their subscription plan with us (e.g. Pro user upgrades to Business).
    • When a user visits our Help Center and clicks on "Submit a request", we want them to sign in to the Zendesk account we've created for them by signing in to their account with us (not Zendesk) for authentication. Essentially using our login page as a form of SSO. If they're already signed in to their account with us, they will be seamlessly signed in to their Zendesk account. In doing so, we'll have their email, name, and subscription plan information.

    I hope that makes sense.

    1
  • Erica Girges
    Zendesk Developer Advocacy
    Hi Allen,
     
    Thank you for the clarification. My apologies for misunderstanding initially. It appears you're looking for a way for your customers to only need to sign in with their regular customer account on your end as opposed to also requiring a separate customer login for any Zendesk related software. One sign-in to access both services/accounts. For this type of SSO, I would recommend looking into using JWT. This would allow you to authenticate the user on your end with their login. You'll be handling all the authentication on your end. Once authenticated, that info can be passed to Zendesk. This will allow us to know whether or not the customer has been authenticated by you. If that answer is yes then they will not be required to enter any additional login credentials. We essentially will trust your authentication and allow the customer to proceed with submitting requests through their Zendesk instance. If the customer has not logged in on your main page and is trying to access your request form through your help center, they can be rerouted back to the initial login page to authenticate them first. To learn more about enabling JWT and seeing if this might be a good fit for your needs I recommend checking out this [article](https://support.zendesk.com/hc/en-us/articles/4408845838874).
     
    Erica - Dev Support
    1
  • This is perfect! Thank you!

    1
  • API System

    Hi Erica Girges

    We are already using SSO / JWT with our website and it works as intended but our customers must click on the login link in help center. If they are already connected in our website, they are authenticated using JWT and redirected.

    We want a smoother experience : is there a way to automatically log end users in Zendesk once they have logged in our website ? Maybe with some API calls in background on their behalf ? 

    Thank you

    0
  • Eric Nelson
    Zendesk Developer Advocacy
    Hey Julien, 

    Unfortunately the JWT authentication needs to be kicked off manually by the client to the auth server to ensure that the handshake is valid. If this were to be initiated via a service on behalf of the user, there is a good chance of exposing attack vectors to bad actors. Auth0 has a really good article explaining this if you'd like to take a look.

    Hope this helps,
    0

Please sign in to leave a comment.

Powered by Zendesk