SSO Custom Time Settings


4 Commentaires

  • Tyler Riddle

    Just in case someone searches for this:

    So I got a note from Zendesk Support that there is a work around.  Before you start, you'll need the Cert Finger Print again as the web interface deletes it after you change Authorization Methods

    1. In the security page, temporarily change to Zendesk Authentication and set a "Custom" password policy.  You can then change the session time.

    At that point, you can set two week, 8 hours or something else.

    2.  Turn back on the SAML Authentication and re-enter the Finger Print to reconnect to your SAML Authorization back.


    Hopefully that option can be transferred to the other authorization methods!

  • Tyler Riddle

    Hi Stephen,

    It's my decision as to how long to leave them open,  I just want access to customize that trigger.  Currently with non-sso applications the user can remain logged in indefinitely until the token is cleared.  The answer is somewhere in the middle.  I'm more interested in the productivity of my support agents than whether or not they logged out of Zendesk.

    I do agree with your assessment of drafts.  That would certainly be helpful

  • Kristyn Thomas

    Thanks @Tyler Riddle - the workaround worked perfectly!

  • Stephen Belleau

    It sounds like the real issue here is not SSO timeouts, but a better way to save a draft on a ticket.

    From a security perspective, what you're suggesting would be akin to saying that "it's inconvenient to lock up my store when we close because I haven't finished all my work. I want my door unlocked when I return the next morning". 

    As it stands, 8 hours already exceeds security best practices for session timeouts. It should expire 15-30 minutes after an agent is idle. If an agent is mid-ticket when leaving for the day, or for lunch or a meeting, they need to save a draft. Zendesk does a good job of saving drafts for things like browser crashes, but it would be great if Zendesk gave agents a button so they can be confident their draft is saved and will be there when they return.

    It might be inconvenient, but you absolutely DO want your agents signed out when they're not actively working! 


Cette publication n’accepte pas de commentaire.

Réalisé par Zendesk