Trouble with SSO auth login flow on my "admin" host mapped URL | Community
Skip to main content

Trouble with SSO auth login flow on my "admin" host mapped URL

  • December 28, 2022
  • 5 replies
  • 0 views
P

I was referred to this forum by support (Ticket #10684027) in order to get developer assistance.  I'm looking for some advice around DNS changes on my site as I'm encountering a bad user login experience today due to recent changes made by Zendesk.

I have JWT based SSO setup for my end users in my Zendesk tenant and internal Zendesk auth set up for my agents.  When I set this up several years ago, clicking on the sign-in link on my Guide site would take users to my external SSO IdP for authentication, which was my desired experience.

Starting back in August and continuing today, when anyone clicks on the sign-in link on my Guide site, they started being taken to the internal Zendesk authentication page, on which customers have to select "I'm a customer" to be able to sign in. 

This has caused a great amount of confusion for my customers as they miss the "I'm a customer link" and attempt to log into Zendesk with internal auth credentials but fail. 

I've been working with support for the past 4+ months attempting to determine what caused this, as we initially thought it may be related to deprecated API calls in use by my Guide theme.

This week, support has determined the most likely cause it that I have the word "admin" in the subdomain of my host mapped URL that customers are logging in from. Put another way, the page on my Guide site that has a sign in link is of the form "admin.mycompany.com".

Support informs me there is a regex in place that will automatically redirect any login attempts from host mapped URLs with the string "admin" in them to internal Zendesk auth and that this is a recent security feature.

I'm in the process of moving from a multi-brand site to a single brand site and will be setting up cnames for all 5 of my current brand host mapped URLs to point to the same FQDN that my "admin" brand currently uses (mycompany.zendesk.com).  This should solve the issue for anyone who just goes to my support site via links links from our website or those just naturally browsing to support.mycompany.com, but I worry about users who still have admin.mycompany.com bookmarked as I expect they will continue to experience this odd login flow.

I don't want to break those bookmarks, but I'm not sure how I'd get them a good login experience if they follow one of those links.  Any advice I can get will be greatly appreciated. 

    5 replies

    Greg29
    • Greg29
    • December 28, 2022

    Hi Paul! I wanted to drop a quick line in here to let you know that I took a look at the ticket and the internal conversations and holy cow, there is a lot going on over the last few months! Since this has been going on for so long, I want to be sure that I fully understand the issue and will want to connect with the product team responsible for this area. Basically, I don't want to give you any half answers or answers that you've already received, because I know how frustrating that can be after such a long-standing issue.

    With that being said, I'll start investigating this and I'll get back to you once I have a proper response. With this being a holiday week for a lot of people, it may take a little bit of time, but I will let you know as soon as I have some traction here.

    Thanks for your patience throughout this process...this looks like it has been really frustrating.

    P
    • Paul28
    • Author
    • December 29, 2022

     Hi Greg, thank you for the quick response!   I understand how it is over the holidays and look forward to working with you.

    P
    • Paul28
    • Author
    • January 12, 2023

    Hi @greg29, just following up.  Is there a plan for those customers using "admin" in their host mapping post this security change?  I suspect some other customers had their login flows changed by this as well. 

    Greg29
    • Greg29
    • January 12, 2023
    Hi Paul, apologies for the delay! I touched base with the team this morning and they informed me that they had recently pushed a fix to resolve this. I gave it a test and confirmed that this is now working as expected for me! Could you let me know if you're seeing the same behavior?
    P
    • Paul28
    • Author
    • January 12, 2023

    Hi @greg29, I just tested and it works now!  Thank you so much!!!

      Terms & ConditionsCookie settingsAccessibility statement