JWT Sign-in Should Create Organization
Posted Jun 03, 2022
Feature Request Summary:
When using JWT to sign in a user from our system into our Zendesk instance, passing the organization attribute in the token should create the organization if it does not exist. Or at least make it a configurable option if existing customers rely on current behavior.
Description/Use Cases:
We have set up Zendesk so that users must have an account and be logged in to view 80% of our knowledge base content. That account comes from our system via the JWT auth mechanism. We have links in our app to view help content or create a ticket. These links send over the JWT Token. So the process is pretty seamless for the end user.
Our problem is that we have hundreds of organizations in our own system. We want to use Zendesk's organization feature to group users and tickets. So we pass the organization name in the JWT token to Zendesk to associate the user to the correct organization. The current functionality is that if the organization does not exist, then nothing happens.
This is much different than other systems like SAML and SCIM. If the attribute doesn't exist (e.g., Department in SAML, Group in SCIM) then that item is created in the 3rd party system. Without this behavior, additional, needless work to synchronize data would be required.
The same should happen with Zendesk's JWT support: the data (organization, in this case) that doesn't exist should be created. The user didn't exist before the first JWT authentication. How absurd would it be if the same rule was applied and Zendesk forced us to create the user before JWT authentication would work?
Business impact of limitation or missing feature:
Without this feature, we have 2 options:
1. Manually create the organization via the UI or via a CSV import
2. Automate this via API calls from our system
The first is simply not a viable option. We have new accounts created daily.
The second forces us to build an integration where one wasn't required. Now we have to bring in the appropriate libraries, learn how to use them, write the code, and set up secure credentials just to integrate when we have no other reason to do this.
9
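As an added illustration (not code from the original post or from Zendesk), this Python sketch shows the kind of HS256 token the post describes, with the organization name carried as a signed claim, and the checks a receiver applies before trusting that claim. The secret, the user details, the 180-second freshness window and the function names are assumptions made for the example, as are the claim names other than the organization attribute.

```python
import base64, hashlib, hmac, json, time, uuid

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def mint_sso_token(secret, email, name, organization, now=None):
    """Build the signed token the sending application puts in its help link."""
    claims = {
        "iat": int(time.time() if now is None else now),
        "jti": uuid.uuid4().hex,  # unique per token, so a receiver can spot replays
        "email": email,
        "name": name,
        "organization": organization,  # the attribute the post is about
    }
    parts = [{"typ": "JWT", "alg": "HS256"}, claims]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(_sign(secret, signing_input))

def verify_sso_token(secret, token, now=None, max_age=180):
    """Return the claims if the token is authentic and fresh, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(signature, _sign(secret, head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    current = time.time() if now is None else now
    if abs(current - claims.get("iat", 0)) > max_age:  # assumed freshness window
        raise ValueError("token expired or issued in the future")
    return claims

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    token = mint_sso_token(secret, "pat@example.com", "Pat Example", "Acme Widgets")
    print(verify_sso_token(secret, token)["organization"])
```

Because the organization name sits inside the signed payload, changing it in transit invalidates the signature, which is why a receiver can safely act on the claim once verification passes.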
5 comments
Nicole Saunders
Thank you for sharing this feedback and for using the feature request template, Mike.
If other users like Mike's suggestions and/or need similar functionality, please be sure to up-vote his post, and add any details or other ideas in the comments below.
0
David Rapin
I second this demand, I was very surprised when I found out that we would have to explicitly sync organizations via the API when we could have just passed the appropriate info to the SSO claim fields (org name, org id, etc.).
0
Hop Ho Dac
Is there any update with this request so far?
0
Viachaslau
Adding my voice to the idea. It must have
0
Caroline Kello
Hey folks, thank you for taking the time to provide us with this feedback. I apologize for the delay on our end in providing you with a response.
You're right that the implementation of JWT differs to SAML and it doesn't create an organization if one doesn't exist. In 2024 we're looking at updating our SSO offering (starting with OpenID Connect which is currently available in EAP) so I'll add this as something we need to consider as we define our plans. Thanks again.
1