Zendesk
Learn how to enhance your Zendesk implementation using Adaptive Multi-Factor Authentication, Consent Management, Social Login, and Self-Service Account Management.
Zendesk supports the integration with 3rd-party Identity Providers (like Strivacity) via SAML, which lets you provide single sign-on (SSO) access to Zendesk accounts. With SSO, your customers can sign in once using the same accounts that they may already use to access your other user and customer facing applications.
You can enable SAML single sign-on only for staff members (admins and agents, including light agents and contributors), only for end users, or for both groups.
They're three steps required to setup and enhance your ZenDesk instance with Strivacit:
Step 1) Setup Zendesk as an Application within Strivacity
To create an Application, follow these simple steps.
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select Applications.
3) If you're just getting started with Strivacity then the applications list will be empty. If any existing applications have been configured then they will be listed here.
4) Create a new application, click + Create Application button from the top right hand corner.
5) The tables below provides guidance on the purpose/required values for the fields on this page.
Once you have filled out all of the fields, click the Save button at the bottom of the page.
General Tab
Field Name | Description |
---|---|
Name | Define a name for this application. This name is displayed in the Applications listing and used to refer to this Application throughout Strivacity. |
Description | You can use this field to add any description or useful information that you may need for your Application. |
Zendesk only supports SSO integration using SAML2, so for the purposes of this integration we will skip the OAuth2/OIDC tab.
SAML2 Tab
Field Name | Description |
---|---|
Entity ID | The generated ClientID will be used as the Entity ID |
Enabled | Select this option to enable this integration |
Assertion Consumer Service (ACS URLs) | Here you will specify the Assertion Consumer Service (ACS) URL from Zendesk. This will be of the format https://[Zendesk instance URL].zendesk.com/access/saml/ |
Default ACS URL | This will be populated with the ACS URL once entered |
Login URL | Here is where you configure the landing page for your application. This is where the user will end up once they finish logging in through Strivacity Strivacity. For example https://yourwebsite/loginpage Note:_ The Strivacity hosted login page is not an entry point to the customer authentication flow. |
Claim Mapping | Here you can select the pre-canned urn:oasis:names:tc:SAML:2.0:attrname-format:uri Claim Mapping |
6) Once the Application has been saved, navigate back to the SAML2 tab. Scroll down, and you'll see that there is an option to download the Metadata XML file for this Metadata. You will use this to generate a SHA256 fingerprint and pasting it into the Certificate Fingerprint field in Step 2.4 below.
Step 2) Configure your Zendesk Instance
To enable SAML for your Zendesk products, follow these steps:
- In any Zenddesk product, click the Zendesk Products icon (
) in the top bar, then select Admin Center.
- Click the Security icon (
) in the left sidebar, then click the Single sign-on tab. The Single sign-on configuration will be displayed, as shown below:
.png)
For SAML, click Configure. The SAML configuration page will be displayed, as shown below:
.png)
3) The table below provides guidance on the purpose/required values for the fields on this page.
Field Name | Description |
---|---|
Enabled | Select this option to enable this integration |
SAML SSO URL | Enter the remote login URL of your Strivacity instance. This will be https://[Strivacity instance URL]/provider/saml2 |
Certificate Fingerprint | This is the SHA256 fingerprint of the SAML certificate that was downloaded from Strivacity in Step 6, above. You can use a free on-line tool like https://www.samlcomponent.net/tools/fingerprint.aspx to generate a SHA256 fingerprint from the X.509 public certificate from the metadata.xml file |
Remote logout URL (optional) | Enter a logout URL where Zendesk can redirect your users after they sign out of Zendesk. |
IP Ranges (optional) | Enter a list of IP ranges if you want to redirect users to the appropriate sign-in option |
Users making requests from the specified IP ranges are routed to the remote SAML authentication sign-in form. Users making requests from IP addresses outside the ranges are routed to the normal Zendesk sign-in form. Don't specify a range if you want all users to be redirected to the remote authentication sign-in form.
7. Once your SAML SSO configuration is set, click Enabled so you can assign this option to users.
8. Click Save.
Step 3) Choosing an authentication method for Zendesk staff and end users
Now that SSO is setup between Strivacity Strivacity and Zendesk, you can now choose the authentication method for Staff members and/or End users. Staff members and End users are the two categories of user defined by Zendesk.
To Enable End Users to Use Strivacity for SSO
- In any Zenddesk product, click the Zendesk Products icon (
) in the top bar, then select Admin Center.
- Click the Security icon (
) in the left sidebar, then click the End users tab if it is not automatically displayed, as shown below:
.png)
3. Next, check the 'External Authentication' box. The 'Enabled Methods: SAML' option should be automatically selected, as shown below. You can now click the Save button.
.png)
4. Next, when you are ready for your End users to use SSO and to discontinue using Zendesk authentication, you can deselect the 'Zendesk authentication' checkbox followed by clicking the Save button. This is shown below:
.png)
5. This completes the configuration for allowing Zendesk End users to use SSO to log into Zendesk.
In the unexpected event that a connection between Strivacity and Zendesk is unavailable, your End users can still sign in at
https://[your Zendeks instance].zendesk.com/access/normal
To Enable Staff Members to Use Strivacity for SSO
- In any Zenddesk product, click the Zendesk Products icon (
) in the top bar, then select Admin Center.
- Click the Security icon (
) in the left sidebar, then click the Staff members tab if it is not automatically displayed, as shown below:
.png)
3. Next, check the 'External Authentication' box, then check the 'Single sign-on' radio button, as shown below. The 'Enabled Methods: SAML' option should be automatically selected.
.png)
4. Next, click the Save button.
In the unexpected event that a connection between Strivacity and Zendesk is unavailable, your staff members can still sign in at
https://[your Zendeks instance].zendesk.com/access/normal
5. This completes the configuration for allowing anyone with a Zendesk staff member role to use SSO to log into Zendesk.
Updated 5 months ago