Zendesk provides the ability to create multiple SSO authentication configurations for different collections of users. This could be as simple as one authentication policy for end users and another for team members, or as complex as different authentication policies for specificgroups and organizationsof users.
After you've created your SSO configurations (seeEnabling SAML SSOandEnabling JWT SSO), you can view and manage them on the Single sign-on page in Admin Center.
Viewing your SSO configurations
Your SSO configurations display on the Single sign-on page in Admin Center in a list sorted from newest to oldest. The list includes the configuration's name, whether it's a SAML or JWT configuration, which types of users it's assigned to, and whether it's active or inactive.
- InAdmin Center, click账户in the sidebar, then selectSecurity > Single sign-on.
Editing SSO configurations
You may need to edit your SSO configurations after you create them. For example, you may need to create a new shared secret for a JWT configuration or update the remote login page URL.
To edit an SSO configuration
- InAdmin Center, click账户in the sidebar, then selectSecurity > Single sign-on.
- Click the option menu icon () and selectEditfor the SSO configuration you want to edit.
Activating or deactivating SSO configurations
SSO configurations are active when they are assigned to either team members or end users. To inactivate an SSO configuration, you must unassign it from both team members and end users, if applicable.
To activate or deactivate an SSO configuration
- Open the Security settings for team members or end users:
- InAdmin Center, click账户in the sidebar, then selectSecurity > Team member authentication.
- InAdmin Center, click账户in the sidebar, then selectSecurity > End user authentication.
- UnderExternal authentication>Single sign-on (SSO), select the configuration you want to activate. To inactivate a configuration, clear the check box.
- ClickSave.
Setting the primary SSO configuration
- Let them choose: Display all active authentication options on the sign-in page and allow users to choose how they sign in, or
- Redirect to SSO: Require users to sign in using the primary SSO method.
To set a primary SSO method
- Open the Security settings for team members or end users.
- InAdmin Center, click账户in the sidebar, then selectSecurity > Team member authentication.
- InAdmin Center, click账户in the sidebar, then selectSecurity > End user authentication.
- ForPrimary SSO, select the name of the SSO configuration you want to send users to by default.
ThePrimary SSOfield is visible if you have multiple SSO configurations active and you've selectedRedirect to SSO.
- ClickSave.
Adding "Continue with SSO" buttons to the Zendesk sign-in page
If youlet users choose how to sign in, you can show aContinue with SSO为每个活跃Zendesk登录亚博页面上的按钮SSO configuration. Customize the button labels so they are meaningful to your users. If you offer multiple SSO sign-in methods, create unique labels so users know which option to choose.
You might not authenticate users this way. For example, if your users only sign in using an identity provider (Idp-initiated SSO), you don't have to add SSO buttons because your users don't use the Zendesk sign-in page.
To add an SSO button to the Zendesk sign-in page
- InAdmin Center, click账户in the sidebar, then selectSecurity > Single sign-on.
- Click the option menu icon () and selectEditfor the SSO configuration you want to add to the sign-in page.
- Scroll to the bottom of the page and selectShow button when users sign in.
- In theButton namefield, enter the text that should follow "Continue with."
For example, typingteam member SSOcreates a button labeledContinue with team member SSO.
- ClickSave.
- 如果SSO configuration is inactive,activate itby assigning it to team members or end users.
Deleting SSO configurations
You can delete inactive SSO configurations.
To delete an SSO configuration
- InAdmin Center, click账户in the sidebar, then selectSecurity > Single sign-on.
- 如果configuration you want to delete is active, deactivate it first. SeeActivating or deactivating SSO configurations.
- Click the option menu icon () and select删除for the SSO configuration you want to delete.
7 Comments
Anton de Young- Are we able to delete SSO configurations? I don't see an option for that in the UI.
HiChris Fassano,
At the moment we don't allow SSO configurations to be deleted. Hopefully, in the future, we can add that combined with logs & restoration features to deal with accidental deletes.
We are currently configured for SSO through MO365 and Zendesk. We would like to stop using SSO and just have username and password login. What is the best process to acheive this?
Hi Peter,
If External Authentication is turned off then Zendesk native authentication will be used when logging into Zendesk (username and password) and turning it on again will set it (SSO) as the default once more.
To edit your user authentication:
I hope this helps! Thank you!
If I have multiple SSOs setup, then how do we display all options in sign in?
I see only one option "Continue with SSO" and that redirects to primary SSO all the time.
What is the maximum number of SSO configurations we can have simultaneously?
Hi abhishek,
You can check How can I set up multiple Zendesk SSO integrations in separate help centers?for a workaround with this.
Hi Chris,
The default Zendesk authentication method allows the creation of two SSO options.
Hope this helps.
Pleasesign into leave a comment.