Recent searches
No recent searches
direct access to https://stratus.zendesk.com/access/jwt?jwt=<token> without passing through configured login url
Posted May 20, 2022
I would like to enable SSO in Zendesk such that the users already authenticated in my application can access the Zendesk helpdesk without a login step. The users are authenticated by different IDPs and there is an ever growing number of them (we use a multi tenant approach with one keycloak realm per tenant).
My understanding from the docs is that I have to do a custom implementation for the Zendes JWT SSO mechanism in my system since it does not follow any standard.
Since the users in my application are already authenticated in my application there is no need to redo the authentication step . Hence I construct the Zendesk JWT token and send it directly to https://myapp.zendesk.com/access/jwt?jwt=<token>&return_to=https://myapp.zendesk.com/hc without accessing the https://myapp.zendesk.com/hc first and relying on the redirect by zendesk to the configured login url. Zendesk reads the token just fine and authenticates the user and redirects to the helpcenter at https://myapp.zendesk.com/hc. However this call then returns a 404 Page not found. Even though the help center exists. There is most probabely somthing in a cookie by Zendesk that triggers this strange error message. Since I can only access the help center again, if I delete all cookies.
Is there something I can do to make this work? Or is the redirect call mandatory, if so why?
0
4 comments
Dainne Kiara Lucena-Laxamana
Hi Magdalena Luz!
Yes, the redirect call is mandatory. SSO is used to authenticate if that user does have access to the Guide products. So the redirect is the one confirming if they have access to your Help Center. Please do let me know if the error 404 is still an ongoing issue for your team so I can help you look into that.
0
Magdalena Luz
Thanks for your answer, what I don't understand about it, all our users have access to the Help Center, that is why we want to use SSO, and that is the point of SSO... we authenticate them and Zendesk must trust us that we do it right in our App. There is no way for Zendesk to check that because none of our users is registered with Zendesk. We construct the Zendesk token and with this we say she is fine. So why exactly do you need the redirect?
1
Dainne Kiara Lucena-Laxamana
Hi Magdalena!
The purpose of SSO is to use a different authentication method (not Zendesk) that will allow them access to Zendesk. Once they are authenticated in SSO, they will return back to Zendesk. For example, if it's an agent it will route to the Support dashboard. If it's an end-user, it will route back to the Help Center page. That is the purpose of the redirect.
Hope this helps!
0
Leerlinq Support
Hello Magdalena,
did you make it work? We are in a similar situation …
I hope you will share your solution.
Thanks in advance.
Lucy
1