Can Zendesk be used as an Identity Provider?

Répondu

7 Commentaires

  • Maggie Ungerboeck
    Community Moderator

    Hi Chaz,

    We have this exact business case and found that we couldn't use Zendesk as an Identity Provider. We are testing OAuth right now as a potential solution but the technical team isn't completely happy with it. As we progress through the process, I'll share what we learn along the way.

    Thanks,
    Maggie

    0
  • Alexander Popa
    Zendesk team member

    Hi Chaz and Maggie! 

    Zendesk is a service consumer and it can only be used to authenticate users from an external platform. Once your users are authenticated against your online learning platform, you could then send the SAML assertion and allow them to authenticate to your Zendesk account.

    If your users authenticate to your platform and this is sharing the same Single Sign-On details with your Zendesk account, then your users will be able to access the Zendesk Guide articles without being prompted with a new login request. However, the assertion would need to be passed from your IdP, or an external SSO tenant.

    One example, could be using this provider that would allow you to synchronise the user database. Thus, your users could login to any of the 2 accounts at the same time. More details on how to set up SSO with SAML can be found in this article.

    You could also apply a workflow, where you would use OAuth to authenticate Zendesk API requests on your online web platform. This allows you to pull specific content form your Zendesk account and Guide content against your online platform.

    Nevertheless, you could also pull the content of your Guide articles via our Help Center API endpoints and this would ensure that you provided your users with an updated and dynamic experience, where articles would be displayed directly against the web platform.

    I hope this helps!

    0
  • Greg DiFruscio

    I have the same use case, I'd like to leverage our Zendesk user accounts to give our customers seamless access to our LMS  - and only have to register our users in 1 place.

    Zendesk team, are there any plans to support SAML 2.0 IdP functionality in Zendesk?

     

    Thanks!

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Greg,

    It looks like we currently do support SAML 2.0. It's not directly mentioned here: Enabling SAML single sign-on However, it is referenced in the code examples.

    Let me know if you have any other questions!

    0
  • Greg DiFruscio

    Hi Brett,

    Thanks for your response. I see that SAML 2.0 is supported for authenticating into Zendesk using other Identity Providers (i.e. Okta, ADFS, etc.).  In this supported use case Zendesk is the SAML 2.0 SP.

    What I'm looking for is using Zendesk as the SAML 2.0 IdP.  So when my users try to access their LMS portal they get redirected to log into Zendesk which prompts them to log in, generates a SAML response for them, and sends them back to the LMS with the token to authenticate without having to supply another username and password.  So essentially they are leveraging their Zendesk credentials to access other services.

    As far as I can tell this isn't supported but maybe I'm wrong and I just can't find the right docs.

     

    Thanks again,


    Greg

    0
  • Brett Bowser
    Zendesk Community Team

    Hey Greg,

    My apologies for misunderstanding! You are correct and this sort of functionality is not available within Zendesk.

    Sorry for the confusion! I'll be sure to pass this feedback along :)

    0
  • Chaz Spahn

    So, here we are, over a year later and I still have not found an acceptable solution for this. After learning that indeed, Zendesk will not support being the Identity Provider, not a surprise actually, now that I understand more, I have moved on to searching for other solutions. I thought that I had found one. Auth0 is a IdP that has perfected the migration of user data from a legacy database to their own repository, and they do it without forcing your users to reset their passwords. 

    Hold your excitement though. Zendesk does not support the extraction of data to the Auth0 database that would allow this to work. So pull from somewhere else, sure. Pull from Zendesk, nope. 

    So I am back to square one to make this work. It doesn't seem like it would be this difficult but Zendesk does not make it easy. Very simple to setup the SSO, just impossible to make it seamless for our users.

    0

Vous devez vous connecter pour laisser un commentaire.

Réalisé par Zendesk