Does Zendesk Support OpenID Connect?
PlanifiéeI have a web application separate from my Zendesk support site. I would like users of the Zendesk support site to be able to access my separate web application. I read that Zendesk supports OAuth 2.0, but that isn't really for authentication. Does Zendesk support the OpenID Connect standard? Can I use Zendesk to authenticate Zendesk users on behalf of another application? (like Google Sign In https://developers.google.com/identity/sign-in/web/sign-in)
-
Commentaire officiel
Creating a new update for this thread to help keep people up to date. We appreciate everyone's feedback. At this time, OIDC is not currently on our short term roadmap. We still believe supporting it is important, but have chose to focus on improving the configurability of our authentication options for all users before expanding the kinds of options we can support. I'm sure this is frustrating for some, especially those paying attention to this thread. Prioritization is hard, but we're confident that our upcoming releases will add the most value to the most of our customers. When we are able to confirm that we have more concrete and immediate plans, we'll update again.
-
As far as I can tell, I literally just signed into this site with OAuth to Google, so are we sure this isn't supported? I'd like to enable our AWS Cognito-based applications to pass user IDs over to Zendesk for support submissions.
-
I'm curious why Zendesk continues to support and maintain a homegrown one-off JWT SSO protocol whereas a standard JWT-based protocol like OpenID Connect has not been prioritized?
-
Hello Caroline Kello
In august 21 you said : We agree that this is a standard that we need to adopt and have OpenID Connect on our 9-month roadmap.
Do you have news about that ? It's an important constraint
Tks a lot
-
+1 for OIDC, we have application teams wondering why we chose this platform without basic federated sign-in for business. Looking forward to seeing this implemented so we can move away from the JWT sign-in.
-
Is ZenDesk any closer to (re-)implementing OpenID Connect?
It seems rather silly to support "JWT" and call your SSO "JWT SSO" without supporting OpenID Connect, or even just OAuth 2.0 with a JWT payload.
OpenID Connect isn't as widely adopted, but why not support OAuth 2.0 as a RP with a possible JWT payload?
Your customers that have IdPs with other solutions want to be able to sign in to ZenDesk with those IdP's, and by having a custom solution instead of an industry standard (RFC) protocol supported, it makes it difficult to make those integrations happen.
-
Hey Bryan,
Maybe that's the confusion here - because that is what this thread is about. You have it backwards.
People want ZenDesk to act like the RP (Relying Party) in an OpenID scenario where they are bringing their own IdP's such as an Azure AD, Google, or other custom IdP tenant. We aren't asking that Zendesk be an IdP - though I could see scenarios where that may be useful, that should be a separate discussion.
Take a look at the original request: Can I use Zendesk to authenticate Zendesk users on behalf of another application? (like Google Sign In)
In that question, Google is the IdP (which holds the user account), and Ryan wants to be able to authenticate (or, more accurately, authorize) into Zendesk using a Google account (via OpenID Connect).
Zendesk already supports a proprietary mechanism that utilizes JWT tokens - so all you would need to do is enhance that custom implementation to adhere to the OIDC 1.0 standard (which is really just OAuth 2.0 with some extra bits).
Is there an ETA on Zendesk adding support for the OAuth 2.0 or OpenID Connect protocols as a Relying Party (RP)?
-
+1 for supporting OIDC. We need this to integrate with the rest of our enterprise auth system.
-
+1 for this also.
We will have customer profiles sat in Cognito user pool, B2C should have been easy to do but we will need to implement the custom JWT (remote authentication) route I assume based on these comments.
Our business / agent users will be in AzureAD, therefore B2B is fine. -
The last thing I know is that in August 2021 there were plans to include OpenID Connect support in the 9 months roadmap.
I'm also looking to delegate authentication to our own OpenID Connect provider. Is there any beta version or any place to check the status? -
One more person waiting for OpenID support here.......
-
Any update on this? Looking for this for our set up as we are unable to use any of the others.
-
Hi Ryan-
At one time we supported the OpenID protocol, but that has since been deprecated from what I have seen after some research. We do not currently support OpenID Connect, and using Zendesk to authenticate users in this fashion is not possible at this time.
I will be moving this over to Product Feedback for other community members as well as our own Product team can continue to engage/upvote.
-
Thanks for the reply Joseph.
Not sure if it helps the Product team with use cases, but my ideal scenario would be as follows. The separate web app is a developer portal with API documentation and the like. External users who have access to my Zendesk site should also have access to the developer portal, preferably without another login (e.g. Zendesk as an OpenID provider).
I will find a different solution, but I look forward to the outcome of this product request.
-
I'd have also a use case here for OpenID connect. I'd like to use Azure B2C as the OpenID connect provider and use Accounts configured in B2C to sign in to Zendesk. This would allow us to provide our customers SSO across several applications amongst one is Zendesk.
Would be great to have OpenID connect or OAuth 2.0 protocol support in Zendesk for user authentication. (I know OAuth is supported for API calls, but I can't see a way using it for delegating user authentication)
-
+1 for supporting OIDC. We need this to integrate with the rest of our enterprise auth system.
-
Hi Jake and Callie. These are good points and add weight to this request. While no commitment has been made, these posts are reviewed by product management. I'll also pass along your latest comments.
-
Hey hey,
I'm Caroline from the Product team and I currently own our Authentication Service, which includes our different auth methods. Brian is correct that we've not committed it to our roadmap to add OpenID to the list of auth methods but I appreciate the feedback. I'll loop back on this thread if our roadmap changes and let you know.
Please continue to add your use cases to the thread! Cheers
-
Hello. We're also trying to make an Azure B2C for our customers to login to Zendesk, Aha and Litmos, together with our normal Azure B2B that is our company's domain (maybe it's not called that, I'm not a IT pro).
Microsoft struggle with how we should do this. Is this what we are missing? Is it developed yet?
-
Hi @... -- you're right and apologies for creating confusion here. Thank you, too, for providing those additional details to make clear what's being discussed in this post.
This issue was surfaced again last year with product management, which is when @... replied. There haven't been any announcements since then for supporting this, so the expectation should be to find or continue with alternatives.
As you've pointed out before, it is definitely a valid use case and painful not to have for those who are using an OpenID Connect based IdP. I'll go back and highlight to product management the continuing discussion here.
@...,
"Would the missing feature make this work?"
It sounds like it might -- but as mentioned, OpenID Connect is not supported. You also mentioned ADFS -- this article may help there: Setting up single sign-on using Active Directory with ADFS and SAML. Also see SSO (single sign-on) options in Zendesk.
-
The same problem here. We were trying to make integration between Azure B2C and Zendesk and basically failed. Standard Azure AD accounts work as expected but not B2C local accounts.
-
When ca we see this gets implemented?
-
Looking for a B2C Azure AD support also.
-
Ooh, progress, fabulous!
This would be a big solve for us.
-
What is the state on this? If there has been some progress could you please share your plans and roadmap? If not, explain why you think a widely supported standard is not important to you...
-
Hey folks, stepping back in as Barkha's no longer at Zendesk: we're in active development for supporting OIDC as a custom SSO configuration, alongside SAML and JWT. We'll be opening this up for a public Early Access Program in Q1 '24. I'll be back to update this post once it's available and it'll also be announced on Current and upcoming Zendesk betas so make sure to follow that article.
-
That's great news. Thanks for the update!
-
I am in a similar case. We would like to have our users to all be AWS user pool across Zendesk and an other website we manage. Is that possible?
-
HI Denis -
I don't believe anything has changed since Joseph's comment from last May.
-
Curious, is this still unsupported?
Vous devez vous connecter pour laisser un commentaire.
42 Commentaires