Pesquisas recentes
Sem pesquisas recentes
Feature Request: Enable Microsoft Business Account Sign-On for End Users
Publicado 13 de mar. de 2025
Summary: We request the addition of Microsoft Business account sign-on for end users in Zendesk. This feature would allow end users to authenticate using their Microsoft Business credentials, enhancing security and streamlining the login process.
Description: Currently, Zendesk supports sign-in with Microsoft accounts, but this functionality is limited to personal Microsoft accounts. Many organizations use Microsoft Business accounts (Office 365) for their employees, and enabling sign-on with these accounts would provide significant benefits:
- Enhanced Security: Microsoft Business accounts often have stronger security measures, such as multi-factor authentication (MFA) and single sign-on (SSO) capabilities, which can help protect sensitive information.
- Streamlined User Experience: Allowing end users to sign in with their existing Microsoft Business credentials would simplify the login process, reducing the need to remember multiple passwords and improving overall user satisfaction.
- Consistency Across Platforms: Many organizations use Microsoft Business accounts for various services. Integrating this sign-on method in Zendesk would provide a consistent authentication experience across different platforms and tools.
Use Case: Our organization, along with many others, uses Microsoft Business accounts for all employees. Currently, our end users must create separate Zendesk accounts, which adds complexity and potential security risks. By enabling Microsoft Business account sign-on, we can ensure a seamless and secure login experience for our end users.
Community Feedback: This feature request is supported by multiple community members who have expressed the need for Microsoft Business account sign-on. For example, users have highlighted the inconvenience of the current limitation and the potential benefits of integrating business account authentication.
Conclusion: Implementing Microsoft Business account sign-on for end users in Zendesk would enhance security, streamline the user experience, and align with the needs of many organizations. We strongly urge Zendesk to consider this feature request to better support its user base.
2
3 comentários
Oficial
Caroline Kello
Hello, Caroline from the Zendesk Product Team 👋 The security of your Zendesk account and personal information is of the utmost importance to us here. Thank you for sharing your concerns. We wanted to take a moment to share more details about our decision and update you on our plans.
In May 2023 a security vulnerability was addressed which could have potentially allowed an attacker to sign in as a Zendesk agent. There was no evidence that this vulnerability was exploited. The fix required linking Microsoft Entra ID tenants to the Microsoft sign-in settings for team members or enabling SAML-based SSO with the Entra ID tenant. That’s the behavior you see today in Admin Center under Account > Security > Team member authentication > External authentication.
The fix additionally prevents end users from signing in using Microsoft authentication with Entra ID, resulting in them only being able to sign in with their personal Microsoft accounts.
The vulnerability was a result of Microsoft allowing Microsoft account owners and administrators to set emails to an arbitrary value without any uniqueness, validation or verification. In contrast, Zendesk requires unique emails as identifiers for users and expects the Identity Provider (the Entra ID tenant in this case) to verify users' emails. Accounts have to be linked to a specific Entra ID tenant to ensure you are only working with trusted partners or your own directories.
There’s a possible path forward that we are exploring that would allow Zendesk admins to link Microsoft Entra ID to the Microsoft sign-in settings for end users (same as it works for team members today), but that’s not currently on our 2025 roadmap. Still, this potential future path wouldn’t allow for end users to sign in with any Microsoft business account because of the contradictions above on email uniqueness and verification.
Thank you again for raising your concerns. We have documented this feedback for us to use in the future however at this time there are no plans to change this course of action, and we are continuously dedicated to providing customers like you the highest level of protection. There are a few open posts with this request, please head over here to continue the conversation and provide more feedback. Thank you for sharing your concern and for continuing to be a valuable Zendesk customer.
1
Ivan Carlos de Almeida
I asked Zendesk support about this and he mention that “Around the end of 2023 there was a vulnerability identified related to Azure IDP (now is called Entra) and potential concerns with forging an agent login. Due to this vulnerability, it was decided to not allow the business accounts for end users to have more control over the tenants.”
If the problem is regarding agent login, it should be blocked for agent logins, not end users, but agent logins works as Social Login and end users doesn't, so the supposed “vulnerability” is still open.
Also note that the Google SSO button works with Personal AND Business (Google Workspace) accounts, it makes our jobs even more challenging to explain for our multisolution clients that they can use their Google Workspace accounts, but they cannot use they Microsoft account using exactly same domain.
I will represent against Zendesk by our legal system in Brazil to act over this issue if not solved until March 31, 2025 because of our impact for over a year.
1
Ivan Carlos de Almeida
I asked Zendesk support about this and he mention that “Around the end of 2023 there was a vulnerability identified related to Azure IDP (now is called Entra) and potential concerns with forging an agent login. Due to this vulnerability, it was decided to not allow the business accounts for end users to have more control over the tenants.”
If the problem is regarding agent login, it should be blocked for agent logins, not end users, but agent logins works as Social Login and end users doesn't, so the supposed “vulnerability” is still open.
Also note that the Google SSO button works with Personal AND Business (Google Workspace) accounts, it makes our jobs even more challenging to explain for our multisolution clients that they can use their Google Workspace accounts, but they cannot use they Microsoft account using exactly same domain.
I will represent against Zendesk by our legal system in Brazil to act over this issue if not solved until March 31th 2025 because of our impact for over a year.
1