Pesquisas recentes
Sem pesquisas recentes
Allow “Sign in with Microsoft” to work with business accounts
Publicado 13 de mar. de 2025
This seems like an odd nuance, but I recently discovered that the “sign in with Microsoft” SSO button does not work for end users that have a Microsoft Business account. Almost all Zendesk clients work with businesses, and most businesses use Microsoft… so it only makes sense to have an SSO button that works, out of the box, for end users to sign in using their Microsoft account.
A Zendesk PM [1] mentions that it should be made using SSO by us, but Zendesk is unable to provide proper options to make it working directly to Microsoft using /common/ endpoint, SAML is a feature per tenant and we are looking for social login to support multitenant and personal accounts. Microsoft never restricted the Social Login feature using Microsoft Business account, its part of their /common/ login endpoint that allows login for all personal and tenant (business) accounts.
Note that the Google SSO button works with Personal AND Business (Google Workspace) accounts, it makes our jobs even more challenging to explain for our multisolution clients that they can use their Google Workspace accounts, but they cannot use they Microsoft account using exactly same domain.
Please, revert this decision as soon as possible.
2
4 comentários
Oficial
Caroline Kello
Hello everyone, Caroline from the Zendesk Product Team 👋 The security of your Zendesk account and personal information is of the utmost importance to us here. Thank you for sharing your concerns. We wanted to take a moment to share more details about our decision and update you on our plans.
In May 2023 a security vulnerability was addressed which could have potentially allowed an attacker to sign in as a Zendesk agent. There was no evidence that this vulnerability was exploited. The fix required linking Microsoft Entra ID tenants to the Microsoft sign-in settings for team members or enabling SAML-based SSO with the Entra ID tenant. That’s the behavior you see today in Admin Center under Account > Security > Team member authentication > External authentication.
The fix additionally prevents end users from signing in using Microsoft authentication with Entra ID, resulting in them only being able to sign in with their personal Microsoft accounts.
The vulnerability was a result of Microsoft allowing Microsoft account owners and administrators to set emails to an arbitrary value without any uniqueness, validation or verification. In contrast, Zendesk requires unique emails as identifiers for users and expects the Identity Provider (the Entra ID tenant in this case) to verify users' emails. Accounts have to be linked to a specific Entra ID tenant to ensure you are only working with trusted partners or your own directories.
There’s a possible path forward that we are exploring that would allow Zendesk admins to link Microsoft Entra ID to the Microsoft sign-in settings for end users (same as it works for team members today), but that’s not currently on our 2025 roadmap. Still, this potential future path wouldn’t allow for end users to sign in with any Microsoft business account because of the contradictions above on email uniqueness and verification.
Thank you again for raising your concerns. We have documented this feedback for us to use in the future however at this time there are no plans to change this course of action, and we are continuously dedicated to providing customers like you the highest level of protection. There are a few open posts with this request, please head over here to continue the conversation and provide more feedback. Thank you for sharing your concern and for continuing to be a valuable Zendesk customer.
0
Scott Tynan
+1 Absolutely agree
1
Scott Tynan
I have submitted a Feature request (yet to be approved) see it here once approved by the admin.
https://support.zendesk.com/hc/en-us/community/posts/9020368874522-Feature-Request-Enable-Microsoft-Business-Account-Sign-On-for-End-Users
1
Shawna James
Thank you for taking the time to provide us with your feedback. This has been logged for our PM team to review. For others who may be interested in this feature request, please add your support by upvoting this post and/or adding your use case to the comments below. Thank you again!
1