Jake Burgy

Hey Bryan,

Maybe that's the confusion here - because that is what this thread is about. You have it backwards.

People want ZenDesk to act like the RP (Relying Party) in an OpenID scenario where they are bringing their own IdP's such as an Azure AD, Google, or other custom IdP tenant. We aren't asking that Zendesk be an IdP - though I could see scenarios where that may be useful, that should be a separate discussion.

Take a look at the original request: Can I use Zendesk to authenticate Zendesk users on behalf of another application? (like Google Sign In)

In that question, Google is the IdP (which holds the user account), and Ryan wants to be able to authenticate (or, more accurately, authorize) into Zendesk using a Google account (via OpenID Connect).

Zendesk already supports a proprietary mechanism that utilizes JWT tokens - so all you would need to do is enhance that custom implementation to adhere to the OIDC 1.0 standard (which is really just OAuth 2.0 with some extra bits).

Is there an ETA on Zendesk adding support for the OAuth 2.0 or OpenID Connect protocols as a Relying Party (RP)?

Is ZenDesk any closer to (re-)implementing OpenID Connect?

It seems rather silly to support "JWT" and call your SSO "JWT SSO" without supporting OpenID Connect, or even just OAuth 2.0 with a JWT payload.

OpenID Connect isn't as widely adopted, but why not support OAuth 2.0 as a RP with a possible JWT payload?

Your customers that have IdPs with other solutions want to be able to sign in to ZenDesk with those IdP's, and by having a custom solution instead of an industry standard (RFC) protocol supported, it makes it difficult to make those integrations happen.