Recent searches
No recent searches
Help Center: End User Authentication - Bypassing SSO/SAML
Posted Dec 08, 2021
Background:
I have a question regarding Help Center "End user" authentication. We have two categories of "End users":
A.) Internal <our company> product users that we want to authenticate via SSO/SAML
B.) External paying <our company> product users that we want to authenticate with Zendesk authentication (Email address and password)
Question:
Is there an alternative Help Center URL similar to the Support service where a user is allowed to bypass the SSO/SAML authentication?
For the Support URL, we can append "/access/normal" to achieve the goal of bypassing SSO/SAML authentication. Such as "https://your_subdomain.zendesk.com/access/normal". But this same strategy does not work for the Help Center, appending "/access/normal" to our Help Center's URL.
We are seeking a similar option for the Help Center service.
Please reference this Support service KB article:
https://support.zendesk.com/hc/en-us/articles/4408882128666-Accessing-your-Zendesk-account-when-your-SSO-service-is-down
0
5 comments
Official
Barkha Bhatia
We have done a product enhancement to allow SSO and Zendesk native to co-exist please check this out for more details
https://support.zendesk.com/hc/en-us/articles/5380943678106-Providing-multiple-sign-in-options-for-team-members-and-end-users
0
Jeff C
Hello Karl,
When both are enabled for End-Users, it will always redirect to the SSO login page and its not possible to show both authentication pages (SSO and Zendesk login page) at the same time.
I'm curious to know when you say the access/normal does not work. If an end user goes to subdomain.zendesk.com/access/normal and login with Zendesk credentials, it will redirect to the Help Center. Perhaps you are adding /hc in the path?
This is not a recommended workflow though as this path should only be used if SSO is down essentially.
0
Karl Schoppe
Hi Jeff,
Thanks for information. I will give that a test with a user with only "End User" permissions. I didn't think to try that because the access/normal worked with my elevated permissions for the Support service, meaning bypassed the SAML/Okta authentication.
Also, can you please confirm if Zendesk is planning to allow for multiple authentication modes for External Users? Including SSO for Internal and Zendesk accounts (user name / password) for external (customer) users.
Thanks,
Karl
0
Karl Schoppe
Also, can someone please explain why use of the /access/normal is not a recommended workflow until Zendesk provides multiple authentication methods simultaneously for End User access, SSO for internal End Users and Zendesk username / password for External End Users?
0
Jeff C
Hi Karl,
I've checked if this is somewhere in the roadmap and I am afraid that it isn't and I do believe that this is a good feature to have hence marked this is as product feedback. What we do support currently is split authentication if it's from different segments such as agents vs end users but not currently for the same user segment.
Using the access/normal path is not a recommended workflow to the sense that it was designed to be a backup service in case your SSO service is down. That said, it is up to you if you still would like to go that route.
0