Zendesk
Learn how to enhance your Zendesk implementation using Adaptive Multi-Factor Authentication, Consent Management, Social Login, and Self-Service Account Management.
Zendesk supports the integration with 3rd-party Identity Providers (like Strivacity Fusion) via SAML, which lets you provide single sign-on (SSO) access to Zendesk accounts. With SSO, your customers can sign in once using the same accounts that they may already use to access your other user and customer facing applications.
You can enable SAML single sign-on only for staff members (admins and agents, including light agents and contributors), only for end users, or for both groups.
They're three steps required to setup and enhance your ZenDesk instance with Strivacity Fusion:

Step 1) Setup Zendesk as an Application within Fusion

To create an Application, follow these simple steps.
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select Applications.
3) If you're just getting started with Fusion then the applications list will be empty. If any existing applications have been configured then they will be listed here.
4) Create a new application, click + Create Application button from the top right hand corner.
5) The tables below provides guidance on the purpose/required values for the fields on this page.
Once you have filled out all of the fields, click the Save button at the bottom of the page.

General Tab

Field Name
Description
Name
Define a name for this application. This name is displayed in the Applications listing and used to refer to this Application throughout Fusion.
Description
You can use this field to add any description or useful information that you may need for your Application.
Zendesk only supports SSO integration using SAML2, so for the purposes of this integration we will skip the OAuth2/OIDC tab.
SAML2 Tab
Field Name
Description
Entity ID
The generated ClientID will be used as the Entity ID
Enabled
Select this option to enable this integration
Assertion Consumer Service (ACS URLs)
Here you will specify the Assertion Consumer Service (ACS) URL from Zendesk. This will be of the format https://[zendesk instance URL].zendesk.com/access/saml/
Default ACS URL
This will be populated with the ACS URL once entered
Login URL
Here is where you configure the landing page for your application. This is where the user will end up once they finish logging in through Strivacity Fusion. For example https://yourwebsite/loginpage. Note: The Fusion hosted login page is not an entry point to the customer authentication flow.
Claim Mapping
Here you can select the pre-canned urn:oasis:names:tc:SAML:2.0:attrname-format:uri Claim Mapping
6) Once the Application has been saved, navigate back to the SAML2 tab. Scroll down, and you'll see that there is an option to download the Metadata XML file for this Metadata. You will use this to generate a SHA256 fingerprint and pasting it into the Certificate Fingerprint field in Step 2.4 below.

Step 2) Configure your Zendesk Instance

To enable SAML for your Zendesk products, follow these steps:
    1.
    In any Zenddesk product, click the Zendesk Products icon (
    ) in the top bar, then select Admin Center.
    2.
    Click the Security icon (
    ) in the left sidebar, then click the Single sign-on tab. The Single sign-on configuration will be displayed, as shown below:
Click to Enlarge
For SAML, click Configure. The SAML configuration page will be displayed, as shown below:
Click to Enlarge
3) The table below provides guidance on the purpose/required values for the fields on this page.
Field Name
Description
Enabled
Select this option to enable this integration
SAML SSO URL
Enter the remote login URL of your Fusion instance. This will be https://[Fusion instance URL]/provider/saml2
Certificate Fingerprint
This is the SHA256 fingerprint of the SAML certificate that was downloaded from Fusion in Step 6, above. You can use a free on-line tool like https://www.samlcomponent.net/tools/fingerprint.aspx to generate a SHA256 fingerprint from the X.509 public certificate from the metadata.xml file
Remote logout URL (optional)
Enter a logout URL where Zendesk can redirect your users after they sign out of Zendesk.
IP Ranges (optional)
Enter a list of IP ranges if you want to redirect users to the appropriate sign-in option
Users making requests from the specified IP ranges are routed to the remote SAML authentication sign-in form. Users making requests from IP addresses outside the ranges are routed to the normal Zendesk sign-in form. Don't specify a range if you want all users to be redirected to the remote authentication sign-in form.
7. Once your SAML SSO configuration is set, click Enabled so you can assign this option to users.
8. Click Save.

Step 3) Choosing an authentication method for Zendesk staff and end users

Now that SSO is setup between Strivacity Fusion and Zendesk, you can now choose the authentication method for Staff members and/or End users. Staff members and End users are the two categories of user defined by Zendesk.

To Enable End Users to Use Fusion for SSO

    1.
    In any Zenddesk product, click the Zendesk Products icon (
    ) in the top bar, then select Admin Center.
    2.
    Click the Security icon (
    ) in the left sidebar, then click the End users tab if it is not automatically displayed, as shown below:
Click to Enlarge
3. Next, check the 'External Authentication' box. The 'Enabled Methods: SAML' option should be automatically selected, as shown below. You can now click the Save button.
Click to Enlarge
4. Next, when you are ready for your End users to use SSO and to discontinue using Zendesk authentication, you can deselect the 'Zendesk authentication' checkbox followed by clicking the Save button. This is shown below:
Click to Enlarge
5. This completes the configuration for allowing Zendesk End users to use SSO to log into Zendesk.
In the unexpected event that a connection between Strivacity Fusion and Zendesk is unavailable, your End users can still sign in at https://[your Zendesk instance].zendesk.com/access/normal

To Enable Staff Members to Use Fusion for SSO

    1.
    In any Zenddesk product, click the Zendesk Products icon (
    ) in the top bar, then select Admin Center.
    2.
    Click the Security icon (
    ) in the left sidebar, then click the Staff members tab if it is not automatically displayed, as shown below:
Click to Enlarge
3. Next, check the 'External Authentication' box, then check the 'Single sign-on' radio button, as shown below. The 'Enabled Methods: SAML' option should be automatically selected.
Click to Enlarge
4. Next, click the Save button.
In the unexpected event that a connection between Strivacity Fusion and Zendesk is unavailable, your staff members can still sign in at https://[your Zendesk instance].zendesk.com/access/normal
5. This completes the configuration for allowing anyone with a Zendesk staff member role to use SSO to log into Zendesk.
Last modified 7d ago