Carmelo LoPresti

I have found this statement to be incorrect under #3 of heading "Assigning SAML SSO to users"

Please confirm and update documentation.

"For end users, selecting the SSO option automatically deselects the Zendesk Authentication option if enabled."

This is incorrect - I have enabled SSO for end users in my Sandbox, and Zendesk Auth remains checked off (it does not auto disable).  I have also confirmed I'm able to log into Zendesk as a regular end user with SSO (primary) and with Zendesk Auth by going to the backdoor URL https://domain.zendesk.com/access/normal.

SSO is the primary method, since when going to our Zendesk URL and clicking "Sign In" it auto redirects to SSO (we use Azure AD).  So basically, the "Sign In" no longer provides a pop up for the user to log in whether it's a regular user or Agent.  But, Zendesk auth is still enabled and can be logged into if the end user (or agent) knows the backdoor URL.

 

 

 

Hello,
1 - Does Zendesk support using the UPN instead of the email address as the unique identifier?  Sometimes user's email address doesn't match their username (UPN), and can make SSO logins confusing for them.  We're using Azure AD for SSO.

2- If it does not support UPN as the unique identifier, when configuring the App in Azure AD, the Name ID defaults to user.userprincipalname (UPN).  Should this be changed on the Azure AD side to user.mail instead?  Seems like this should default to user.mail in Azure AD if Zendesk is using email address as the unique Identifier.