Using OpenID Connect to authenticate users in Messaging
It's not currently possible to use OpenID Connect to authenticate users in Messaging. This is an improvement that's part of our long-term plans but there's no current timeline for when this will be implemented.
Users logging in without an email address
Zendesk expects and requires all users to have an email address associated with their profile, but it’s possible that your users might try to sign in without having an email address. In this scenario, in order to prevent a loop where the authentication fails because of a missing email address, Zendesk will display an error message.
If you have your Team member authentication or End user authentication set up as Let them choose, we will display an error message on the Zendesk sign-in page saying “Couldn’t log you in because there’s no email address associated with your user profile. Contact your Admin to resolve this.”
If you have your Team member authentication or End user authentication set up as Redirect to SSO, we will display an error message on a Zendesk error page.
Changes to configuration form not propagating
There's a 1 minute cache in place when making changes to the configuration form which could result in failures if you're making changes in rapid succession while also testing the login.
Using Entra OIDC
If you want to use OIDC with Entra, there's a few specific requirements that need to be configured.
- Authentication mode must be PKCE
- Add the callback URL on the Entra OIDC PKCE configuration form, under Mobile and desktop applications - Redirect URIs.