Okta

How to Configure SAML 2.0 for Zendesk

Contents


Supported Features

The Okta/Zendesk SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

Variables

Here are the variables you will need to copy and paste into fields in either User Interface:


Configuration Steps - Old User Interface

Note: The SAML settings are the same for Admin & Agents and End users and can be activated on the corresponding tabs. You do not need to specify separate SAML configurations.

  1. Navigate to Admin > SETTINGS > Security, then select the appropriate tab (Admins & Agents or End-users). In our example, we used Admins & Agents.

  2. Check the Single sign-on (SSO) option.

  3. Check the SAML box:

  4. zendesk_new1.png

  5. Enter the following:

    • SAML SSO URL: Get this value from the Variables section above.

    • Certificate fingerprint: Get this value from the Variables section above.

    • Remote logout URL: Get this value from the Variables section above.

    • OPTIONAL: You can enter your IP ranges. Requests from these IP ranges will always be routed via remote authentication. Requests from IP addresses outside these ranges will be routed to the normal sign-in form.

    • OPTIONAL: Check the Disabled Passwords option. Do not enable this option before the SAML configuration is tested successfully. You need to use this option carefully. Disabling passwords will prevent all agents and admins from authenticating with their Zendesk password. This includes the Zendesk API. Passwords will be permanently deleted within 24 hours.

    • Click Save.

    • Note: If you lock yourself out of Zendesk you can login without SSO from: http://acme.zendesk.com/access/normal.

    zendesk_new2.png

  6. If you want to enable SAML for End-users, click on the End-users tab.

  7. Select the Single sign-on (SSO) option (the SAML settings are already pre-filled).

  8. Click Save.

  9. zendesk_new3.png

  10. Done!


Configuration Steps - New User Interface

Note: The SAML settings are the same for Staff members and End-users and can be activated on the corresponding tabs. You do not need to specify separate SAML configurations.

  1. Login to Zendesk security settings in Admin Center at https://[your-subdomain].zendesk.com/admin/security.

  2. Navigate to Single sign-on, then click Configure on the SAML tile.

    zendesk_new_a.png

  3. Enter the following:

    • Click Enabled.

    • SAML SSO URL: Get this value from the Variables section above.

    • Certificate fingerprint: Get this value from the Variables section above.

    • Remote logout URL: Get this value from the Variables section above.

    • (OPTIONAL) IP ranges: Enter your IP ranges. Requests from these IP ranges will always be routed via remote authentication. Requests from IP addresses outside these ranges will be routed to the normal sign-in form.

    • Click Save:

    zendesk_new_b.png

  4. If you want to enable SAML for Staff members and/or for End users, go to the corresponding tab, check External authentication, then click Save:

    • Staff members:

      zendesk_new_c.png

    • End users:

      zendesk_new_d.png

  5. Done!


Notes

Make sure that you entered the correct value in the Your Zendesk company name field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Zendesk.

SP-initiated SSO

Go to https://[your-company-subdomain].zendesk.com URL.