Can Zendesk be used as an Identity Provider? | Community
Skip to main content

Can Zendesk be used as an Identity Provider?

  • January 29, 2020
  • 7 replies
  • 0 views
C

I have an online training platform so that my customers can learn more about my products, supplementing my knowledge-base in Zendesk Guide. I will be creating articles in Guide that will contain links to the content on the new platform and I want my users to have a seamless experience and not have to log in again. If the user goes directly to the new platform then they should be redirected back to Zendesk for authentication. I need to restrict access to that training to users with a Zendesk account. The platform supports SAML 2.0, OAuth 2.0, and Token-base authentication.

There has to be a way to use all the work that I have done setting up my Zendesk database to authenticate my users to the new platform. Please tell me there is a solution for this.

    7 replies

    M
    • Maggie14
    • January 30, 2020

    Hi Chaz,

    We have this exact business case and found that we couldn't use Zendesk as an Identity Provider. We are testing OAuth right now as a potential solution but the technical team isn't completely happy with it. As we progress through the process, I'll share what we learn along the way.

    Thanks,
    Maggie

    A

    Hi Chaz and Maggie! 

    Zendesk is a service consumer and it can only be used to authenticate users from an external platform. Once your users are authenticated against your online learning platform, you could then send the SAML assertion and allow them to authenticate to your Zendesk account.

    If your users authenticate to your platform and this is sharing the same Single Sign-On details with your Zendesk account, then your users will be able to access the Zendesk Guide articles without being prompted with a new login request. However, the assertion would need to be passed from your IdP, or an external SSO tenant.

    One example, could be using this provider that would allow you to synchronise the user database. Thus, your users could login to any of the 2 accounts at the same time. More details on how to set up SSO with SAML can be found in this article.

    You could also apply a workflow, where you would use OAuth to authenticate Zendesk API requests on your online web platform. This allows you to pull specific content form your Zendesk account and Guide content against your online platform.

    Nevertheless, you could also pull the content of your Guide articles via our Help Center API endpoints and this would ensure that you provided your users with an updated and dynamic experience, where articles would be displayed directly against the web platform.

    I hope this helps!

    G
    • Greg54
    • September 16, 2020

    I have the same use case, I'd like to leverage our Zendesk user accounts to give our customers seamless access to our LMS  - and only have to register our users in 1 place.

    Zendesk team, are there any plans to support SAML 2.0 IdP functionality in Zendesk?

     

    Thanks!

    Brett13
    • Brett13
    • Community Manager
    • October 2, 2020

    Hey Greg,

    It looks like we currently do support SAML 2.0. It's not directly mentioned here: Enabling SAML single sign-on However, it is referenced in the code examples.

    Let me know if you have any other questions!

    G
    • Greg54
    • October 2, 2020

    Hi Brett,

    Thanks for your response. I see that SAML 2.0 is supported for authenticating into Zendesk using other Identity Providers (i.e. Okta, ADFS, etc.).  In this supported use case Zendesk is the SAML 2.0 SP.

    What I'm looking for is using Zendesk as the SAML 2.0 IdP.  So when my users try to access their LMS portal they get redirected to log into Zendesk which prompts them to log in, generates a SAML response for them, and sends them back to the LMS with the token to authenticate without having to supply another username and password.  So essentially they are leveraging their Zendesk credentials to access other services.

    As far as I can tell this isn't supported but maybe I'm wrong and I just can't find the right docs.

     

    Thanks again,


    Greg

    Brett13
    • Brett13
    • Community Manager
    • October 2, 2020

    Hey Greg,

    My apologies for misunderstanding! You are correct and this sort of functionality is not available within Zendesk.

    Sorry for the confusion! I'll be sure to pass this feedback along :)

    C
    • Chaz12
    • Author
    • March 16, 2021

    So, here we are, over a year later and I still have not found an acceptable solution for this. After learning that indeed, Zendesk will not support being the Identity Provider, not a surprise actually, now that I understand more, I have moved on to searching for other solutions. I thought that I had found one. Auth0 is a IdP that has perfected the migration of user data from a legacy database to their own repository, and they do it without forcing your users to reset their passwords. 

    Hold your excitement though. Zendesk does not support the extraction of data to the Auth0 database that would allow this to work. So pull from somewhere else, sure. Pull from Zendesk, nope. 

    So I am back to square one to make this work. It doesn't seem like it would be this difficult but Zendesk does not make it easy. Very simple to setup the SSO, just impossible to make it seamless for our users.

    Terms & ConditionsCookie settingsAccessibility statement