Zendesk JWT Authentication | Community

  • September 4, 2024

I have a question regarding Zendesk JWT authentication. 

We are currently generating a token using the following attributes:

attributes = {
  :iat => iat, # Seconds since epoch, determine when this token is stale
  :jti => jti, # Unique token id, helps prevent replay attacks
  :name => display_name,
  :email => email,
  :external_id => user_id
}


We have a scenario where two users share the same email address but have different external IDs. How does Zendesk handle this? Does it identify users based solely on the email address, or will it create separate records for each user?


We’ve disabled the "Update external IDs?" setting (Account -> Security -> Single sign-on -> JSON Web Token) because we don't want to override user IDs. This is due to the possibility of two users having the same email address but different external IDs, especially when they belong to different customer domains. Currently, with the "Update external IDs?" setting disabled, if a user with an email in the system comes in with the same email and a different user external ID, they get redirected to the sign-in page instead of creating a new account (as we'd like).
 

Is there a way for Zendesk to search for a user based on the external_id first, and if the user doesn’t exist, create a new record? How does Zendesk prioritize these attributes when identifying users?


Thank you.
-Highspot
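
An added example, not part of the original post and not Zendesk's code: it builds the claim set shown in the post, signs it with the Ruby standard library, and reports the case the post describes, where one email belongs to more than one external_id, at the point the token is issued. The user records, the secret passed in, and all function names are constructed for illustration; HS256 with a shared secret is assumed as the signing method.

```ruby
require "openssl"
require "json"
require "securerandom"

# Constructed sample directory: two accounts in different customer domains
# share one email address but have distinct external IDs.
USERS = [
  { external_id: "acme-1001",   email: "pat@example.com", name: "Pat (Acme)" },
  { external_id: "globex-2002", email: "pat@example.com", name: "Pat (Globex)" },
  { external_id: "acme-1003",   email: "lee@example.com", name: "Lee" }
].freeze

# Unpadded base64url, as used for JWT segments.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

# External IDs of every account carrying this email (case-insensitive).
def external_ids_for(email, users = USERS)
  users.select { |u| u[:email].casecmp?(email) }.map { |u| u[:external_id] }
end

# Same attributes as in the post; jti is unique per token.
def build_claims(user, now: Time.now.to_i)
  { iat: now, jti: "#{now}/#{SecureRandom.hex(18)}",
    name: user[:name], email: user[:email], external_id: user[:external_id] }
end

# HS256 (assumed signing method): HMAC-SHA256 over "header.payload".
def sign_jwt(claims, secret)
  parts = [{ typ: "JWT", alg: "HS256" }, claims].map { |part| b64url(JSON.generate(part)) }
  input = parts.join(".")
  "#{input}.#{b64url(OpenSSL::HMAC.digest("SHA256", secret, input))}"
end

# Returns the claims if the signature checks out, otherwise nil.
def verify_jwt(token, secret)
  head, body, sig = token.split(".")
  return nil unless head && body && sig
  expected = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{head}.#{body}"))
  return nil unless OpenSSL.secure_compare(expected, sig)
  JSON.parse(body.tr("-_", "+/").unpack1("m").force_encoding("UTF-8"))
end

# Issue a token and report which other external IDs share its email.
def issue(user, secret)
  others = external_ids_for(user[:email]) - [user[:external_id]]
  { token: sign_jwt(build_claims(user), secret), colliding_ids: others }
end
```

A non-empty `colliding_ids` marks a login that falls into the shared-email case, so it can be logged or handled on the issuing side before the redirect.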